Description
Adobe Framemaker versions 2022.8 and earlier are affected by an Access of Resource Using Incompatible Type ('Type Confusion') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2026-04-14
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

Adobe Framemaker versions up to and including 2022.8 contain a type confusion flaw that allows an attacker to cause the application to use an object of an unexpected type. Exploitation of this weakness can lead to arbitrary code execution within the context of the user who opens a crafted file.

Affected Systems

Adobe Framemaker, versions 2022.8 and earlier are affected.

Risk and Exploitability

The vulnerability has a CVSS score of 7.8, indicating high severity. No EPSS score is available, and it is not listed in the CISA KEV catalog. Exploitation requires a user to open a malicious file, so the attack vector is user interaction and the risk is moderate to high if users encounter or open unsafe documents.

Generated by OpenCVE AI on April 15, 2026 at 00:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Adobe Framemaker to the latest release that contains the fix for the type confusion flaw.
  • Restrict Framemaker’s ability to automatically open file types that can trigger the vulnerability by configuring the application or the operating system to block or manually review such files.
  • Implement a user awareness program that advises employees to avoid opening unknown or suspicious files, especially those obtained from untrusted sources.

Generated by OpenCVE AI on April 15, 2026 at 00:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 15 Apr 2026 17:45:00 +0000

Type Values Removed Values Added
First Time appeared Microsoft
Microsoft windows
CPEs cpe:2.3:a:adobe:framemaker:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products Microsoft
Microsoft windows

Wed, 15 Apr 2026 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Adobe
Adobe framemaker
Vendors & Products Adobe
Adobe framemaker

Wed, 15 Apr 2026 10:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 14 Apr 2026 23:15:00 +0000

Type Values Removed Values Added
Description Adobe Framemaker versions 2022.8 and earlier are affected by an Access of Resource Using Incompatible Type ('Type Confusion') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Title Adobe Framemaker | Access of Resource Using Incompatible Type ('Type Confusion') (CWE-843)
Weaknesses CWE-843
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

Subscriptions

Adobe Framemaker
Microsoft Windows
cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-04-15T09:13:10.357Z

Reserved: 2026-02-18T22:02:41.398Z

Link: CVE-2026-27298

cve-icon Vulnrichment

Updated: 2026-04-15T09:07:15.669Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-14T23:16:26.930

Modified: 2026-04-15T17:36:56.360

Link: CVE-2026-27298

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-15T14:53:44Z

Weaknesses