Description
Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2026-04-14
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Arbitrary code execution in the context of the current user
Action: Apply Patch
AI Analysis

Impact

A heap-based buffer overflow in Adobe Bridge allows an attacker to execute arbitrary code as the victim when a malicious file is opened. The flaw arises from improper bounds checking during processing of a file, leading to a buffer overflow on the heap. When exploited, the attacker can run arbitrary code with the privileges of the user opening the file, potentially compromising data confidentiality, integrity, and availability.

Affected Systems

Adobe Bridge versions 16.0.2, 15.1.4 and all earlier releases are vulnerable. End users running these versions of Bridge on any supported platform are at risk if a malicious file is opened.

Risk and Exploitability

The vulnerability is rated High with a CVSS score of 7.8. No EPSS score is available and the issue is not listed in CISA's KEV catalog, which means exploitation in the wild has not been confirmed. The likely attack vector requires a victim to open a malicious file, so an attacker needs user interaction to deliver the exploit payload. Once the file is opened, the buffer overflow allows arbitrary code execution with the user's privileges.

Generated by OpenCVE AI on April 14, 2026 at 21:15 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Adobe Bridge security update (any release following 16.0.2 or 15.1.4).
  • Verify that the update has been installed successfully and restart the application.
  • If an update is not yet available, instruct users to avoid opening unknown or suspicious files and apply general safe-file-handling practices.

Advisories

No advisories yet.

History

Wed, 15 Apr 2026 20:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Apple, Apple macos, Microsoft, Microsoft windows |
| CPEs | | cpe:2.3:a:adobe:bridge:*:*:*:*:*:*:*:*, cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*, cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* |
| Vendors & Products | | Apple, Apple macos, Microsoft, Microsoft windows |

Wed, 15 Apr 2026 14:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Adobe, Adobe bridge |
| Vendors & Products | | Adobe, Adobe bridge |

Tue, 14 Apr 2026 21:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'} |

Tue, 14 Apr 2026 20:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| Title | | Bridge \| Heap-based Buffer Overflow (CWE-122) |
| Weaknesses | | CWE-122 |
| References | | |
| Metrics | | cvssV3_1: {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'} |

MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-04-15T03:58:47.815Z

Reserved: 2026-02-18T22:02:41.402Z

Link: CVE-2026-27311

Vulnrichment

Updated: 2026-04-14T20:15:43.779Z

NVD

Status: Analyzed

Published: 2026-04-14T20:16:34.577

Modified: 2026-04-15T19:59:28.827

Link: CVE-2026-27311

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-15T14:41:09Z

Weaknesses