Description
Adobe Framemaker versions 2022.8 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2026-04-14
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Arbitrary code execution
Action: Assess Impact
AI Analysis

Impact

Adobe Framemaker 2022.8 and earlier contain an out‑of‑bounds write flaw that can be used to execute arbitrary code in the context of the user who opens a malicious file. The vulnerability is triggered when a user opens a specially crafted document, allowing an attacker to run code under the victim’s credentials.

Affected Systems

The flaw affects Adobe Framemaker versions 2022.8 and all earlier releases. No other products or later versions are listed as vulnerable.

Risk and Exploitability

The CVSS score of 7.8 indicates moderate to high severity. The EPSS score is not available, and the vulnerability is not listed in CISA’s KEV catalog, suggesting that widespread exploitation is not yet documented. The likely attack vector is local: an attacker must supply the malicious file to a victim and persuade the victim to open it, which attests that user interaction is required. Under these conditions, the risk to organizations depends largely on internal policies around file handling and user awareness.

Generated by OpenCVE AI on April 15, 2026 at 00:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a version of Adobe Framemaker released after 2022.8 that contains the vendor’s fix for the out‑of‑bounds write flaw.
  • Enforce least‑privilege for all users running Framemaker and restrict the ability to execute scripts or macros from untrusted documents.
  • Educate users to verify the source of any new or unexpected Adobe Framemaker files and to avoid opening documents from unfamiliar senders.

Generated by OpenCVE AI on April 15, 2026 at 00:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 15 Apr 2026 18:15:00 +0000

Type Values Removed Values Added
First Time appeared Microsoft
Microsoft windows
CPEs cpe:2.3:a:adobe:framemaker:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products Microsoft
Microsoft windows

Wed, 15 Apr 2026 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Adobe
Adobe framemaker
Vendors & Products Adobe
Adobe framemaker

Wed, 15 Apr 2026 10:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 14 Apr 2026 23:15:00 +0000

Type Values Removed Values Added
Description Adobe Framemaker versions 2022.8 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Title Adobe Framemaker | Out-of-bounds Write (CWE-787)
Weaknesses CWE-787
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

Subscriptions

Adobe Framemaker
Microsoft Windows
cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-04-15T09:13:10.635Z

Reserved: 2026-02-18T22:02:41.397Z

Link: CVE-2026-27295

cve-icon Vulnrichment

Updated: 2026-04-15T09:07:21.028Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-14T23:16:26.460

Modified: 2026-04-15T18:14:25.390

Link: CVE-2026-27295

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-15T14:53:46Z

Weaknesses