Description
Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2026-04-14
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Arbitrary code execution
Action: Patch Now
AI Analysis

Impact

A heap‑based buffer overflow in Adobe Bridge versions 16.0.2, 15.1.4 and earlier can be triggered by a malicious file, allowing an attacker to execute code in the context of the user who opens the file. The vulnerability arises from improper bounds checking when handling certain data structures in memory, leading to arbitrary code execution.

Affected Systems

Adobe Bridge software produced by Adobe, affecting all releases up to and including Bridge 16.0.2 and 15.1.4, as well as earlier editions.

Risk and Exploitability

The CVSS score of 7.8 classifies this issue as high severity. While no EPSS score is published, the requirement for the victim to open a malicious file means the exploitation path is user‑interaction based, making it less likely to be automated but still a significant risk if users are lured to execute files. The vulnerability is not listed in the CISA KEV catalog, but the possibility of arbitrary code execution warrants urgency.

Generated by OpenCVE AI on April 14, 2026 at 21:14 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Adobe Bridge update that addresses the buffer overflow.
  • If no update is immediately available, avoid opening suspicious or unknown files in Bridge.
  • Maintain up‑to‑date antivirus and malware protection software.
  • Regularly check Adobe security advisories for patch releases.

Generated by OpenCVE AI on April 14, 2026 at 21:14 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 15 Apr 2026 20:00:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Microsoft
Microsoft windows
CPEs cpe:2.3:a:adobe:bridge:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products Apple
Apple macos
Microsoft
Microsoft windows

Wed, 15 Apr 2026 14:30:00 +0000

Type Values Removed Values Added
First Time appeared Adobe
Adobe bridge
Vendors & Products Adobe
Adobe bridge

Tue, 14 Apr 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 14 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
Description Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Title Bridge | Heap-based Buffer Overflow (CWE-122)
Weaknesses CWE-122
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

Subscriptions

Adobe Bridge
Apple Macos
Microsoft Windows
cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-04-15T03:58:46.684Z

Reserved: 2026-02-18T22:02:41.402Z

Link: CVE-2026-27310

cve-icon Vulnrichment

Updated: 2026-04-14T20:22:48.851Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-14T20:16:34.407

Modified: 2026-04-15T19:59:39.347

Link: CVE-2026-27310

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-15T14:41:09Z

Weaknesses