Description
Adobe Framemaker versions 2022.8 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2026-04-14
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Apply Patch
AI Analysis

Impact

Adobe Framemaker versions 2022.8 and earlier contain an access of an uninitialized pointer that can expose memory contents. This flaw allows an attacker to read sensitive data from the victim’s system when a malicious file is opened. The vulnerability does not provide direct remote code execution or denial of service; its primary consequence is the disclosure of confidential information.

Affected Systems

Affected products are Adobe Framemaker 2022.8 and all earlier releases distributed by Adobe. All users running those versions are potentially vulnerable and should verify their installed version against the latest available update.

Risk and Exploitability

The CVSS score of 5.5 indicates a moderate risk to confidentiality. Exploitation requires the victim to interact with a crafted file, so the likelihood of attack is limited to social engineering scenarios. There are no publicly known exploits listed, and the vulnerability is not included in the CISA KEV catalog, meaning active exploit activity has not been documented. Nonetheless, organizations should treat the flaw with caution due to its impact on sensitive data exposure.

Generated by OpenCVE AI on April 15, 2026 at 00:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Adobe Framemaker to the latest version that contains the patch for the uninitialized pointer issue.
  • Avoid opening files from untrusted or unknown sources to prevent execution of malicious content.
  • Run Framemaker in a sandboxed environment or limit file permissions to reduce the impact if a malicious file is opened.

Generated by OpenCVE AI on April 15, 2026 at 00:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 15 Apr 2026 18:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 15 Apr 2026 17:45:00 +0000

Type Values Removed Values Added
First Time appeared Microsoft
Microsoft windows
CPEs cpe:2.3:a:adobe:framemaker:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products Microsoft
Microsoft windows

Wed, 15 Apr 2026 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Adobe
Adobe framemaker
Vendors & Products Adobe
Adobe framemaker

Tue, 14 Apr 2026 23:15:00 +0000

Type Values Removed Values Added
Description Adobe Framemaker versions 2022.8 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Title Adobe Framemaker | Access of Uninitialized Pointer (CWE-824)
Weaknesses CWE-824
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}

Subscriptions

Adobe Framemaker
Microsoft Windows
cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-04-15T17:29:10.177Z

Reserved: 2026-02-18T22:02:41.398Z

Link: CVE-2026-27300

cve-icon Vulnrichment

Updated: 2026-04-15T17:29:06.241Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-14T23:16:27.240

Modified: 2026-04-15T17:35:09.403

Link: CVE-2026-27300

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-15T14:53:41Z

Weaknesses