Description
Illustrator versions 29.8.4, 30.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2026-03-10
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Arbitrary code execution
Action: Immediate Patch
AI Analysis

Impact

An out‑of‑bounds write flaw in Adobe Illustrator allows an attacker to corrupt memory during file parsing. The vulnerability can be triggered by opening a specially crafted .ai file, which may cause Illustrator to write data beyond an allocated buffer. If successful, the attacker could execute arbitrary code with the permissions of the user who opens the file.

Affected Systems

Adobe Illustrator versions 29.8.4, 30.1 and all earlier releases are affected. The flaw is specific to the desktop application and is related to the Windows operating system, as indicated by the relevant Common Platform Enumeration strings. No additional bundled processes are mentioned in the available data.

Risk and Exploitability

The flaw carries a CVSS score of 7.8, indicating high severity. However, EPSS shows an exploitation probability of less than 1 % and the vulnerability is not listed in the CISA KEV catalog, suggesting low current exploitation activity. Attackers must obtain the victim’s cooperation to open the malicious file; therefore, social engineering or phishing campaigns that prompt file opening are the most likely attack vectors.

Generated by OpenCVE AI on April 16, 2026 at 09:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Adobe Illustrator security update that addresses CVE‑2026‑27272 immediately.
  • Avoid opening any unknown or suspicious Illustrator files until the application is patched.
  • Stay current with Adobe security advisories and apply subsequent patches as soon as they are released.

Advisories

No advisories yet.

History

Wed, 11 Mar 2026 17:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Microsoft; Microsoft windows |
| CPEs | | cpe:2.3:a:adobe:illustrator:*:*:*:*:*:*:*:*; cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* |
| Vendors & Products | | Microsoft; Microsoft windows |

Wed, 11 Mar 2026 14:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'} |

Wed, 11 Mar 2026 12:00:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Adobe; Adobe illustrator |
| Vendors & Products | | Adobe; Adobe illustrator |

Tue, 10 Mar 2026 23:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | Illustrator versions 29.8.4, 30.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| Title | | Illustrator \| Out-of-bounds Write (CWE-787) |
| Weaknesses | | CWE-787 |
| References | | |
| Metrics | | cvssV3_1 {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'} |

MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-03-11T13:08:15.594Z

Reserved: 2026-02-18T22:02:41.388Z

Link: CVE-2026-27272

Vulnrichment

Updated: 2026-03-11T13:01:58.348Z

NVD

Status: Analyzed

Published: 2026-03-10T23:16:44.423

Modified: 2026-03-11T17:11:11.030

Link: CVE-2026-27272

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T09:30:06Z

Weaknesses