Description
Illustrator versions 29.8.4, 30.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2026-03-10
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Arbitrary code execution
Action: Patch Immediately
AI Analysis

Impact

The vulnerability is an out-of-bounds write in Adobe Illustrator that can be triggered by opening a crafted file. This flaw can be leveraged to execute arbitrary code in the context of the current user, a classic manifestation of CWE-787. The impact is therefore that a local attacker could gain code execution with the privileges of the user opening the file.

Affected Systems

Adobe Illustrator versions 29.8.4, 30.1 and earlier on Windows are affected. The advisory lists Adobe:Illustrator as a susceptible product; no other specific OS versions are enumerated beyond the generic Windows platform in the CPE list.

Risk and Exploitability

The CVSS score of 7.8 indicates high severity, but the EPSS score of less than 1% shows a very low probability of active exploitation at this time, and the vulnerability is not flagged in the CISA KEV catalog. Exploitation requires a victim to open a malicious file, so a user‑interaction vector is assumed. Attackers would need to supply a specifically crafted document to trigger the out‑of‑bounds write.

Generated by OpenCVE AI on April 16, 2026 at 09:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Adobe Illustrator security update or upgrade to a version newer than 30.1, which addresses the out‑of‑bounds write flaw.
  • Configure Adobe Content Protection or system controls to block or quarantine potentially malicious Illustrator files until verified.
  • Ensure antivirus or endpoint protection solutions are enabled and kept current, scanning any incoming or open Illustrator files for known exploit signatures.


Advisories

No advisories yet.

History

Wed, 11 Mar 2026 17:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Microsoft, Microsoft windows |
| CPEs | | cpe:2.3:a:adobe:illustrator:*:*:*:*:*:*:*:*, cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* |
| Vendors & Products | | Microsoft, Microsoft windows |

Wed, 11 Mar 2026 14:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'} |


Wed, 11 Mar 2026 12:00:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Adobe, Adobe illustrator |
| Vendors & Products | | Adobe, Adobe illustrator |

Tue, 10 Mar 2026 23:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | Illustrator versions 29.8.4, 30.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| Title | | Illustrator \| Out-of-bounds Write (CWE-787) |
| Weaknesses | | CWE-787 |
| References | | |
| Metrics | | cvssV3_1 {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'} |


Subscriptions

Adobe Illustrator
Microsoft Windows
MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-03-11T13:08:15.395Z

Reserved: 2025-12-12T22:01:18.207Z

Link: CVE-2026-21362

Vulnrichment

Updated: 2026-03-11T13:01:56.376Z

NVD

Status: Analyzed

Published: 2026-03-10T23:16:43.577

Modified: 2026-03-11T17:06:30.623

Link: CVE-2026-21362

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T09:30:06Z

Weaknesses