Description
Adobe Photoshop Installer was affected by an Uncontrolled Search Path Element vulnerability that could have resulted in arbitrary code execution in the context of the current user. A low-privileged local attacker could have exploited this vulnerability by manipulating the search path used by the application to locate critical resources, potentially causing unauthorized code execution. Exploitation of this issue required user interaction in that a user had to be running the installer.
Published: 2026-04-15
Score: 8.2 High
EPSS: < 1% Very Low
KEV: No
Impact: Uncontrolled Search Path leading to arbitrary code execution
Action: Patch Now
AI Analysis

Impact

Adobe Photoshop Installer suffered from a flaw where the search path for locating critical resources could be manipulated. This uncontrolled search path element, identified as CWE‑427, could allow a local attacker to place malicious files in a directory that the installer would read preferentially, enabling the attacker to run arbitrary code with the privileges of the user who launches the installer.

Affected Systems

Systems impacted are those running Adobe Photoshop Installer from Adobe. No specific version information is supplied; users who routinely download and run the installer are potentially exposed.

Risk and Exploitability

The CVSS score of 8.2 indicates high severity. Exploitation requires user interaction; the attacker must persuade a user to execute the installer on the target machine. EPSS is not available, and the vulnerability is not listed in the CISA KEV catalog, but the high severity score suggests that the vulnerability can be leveraged for significant damage.

Generated by OpenCVE AI on April 15, 2026 at 22:11 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Download and install the latest Adobe Photoshop Installer from Adobe’s official website.
  • Configure application whitelisting (e.g., AppLocker or Software Restriction Policies) so that only signed Adobe installers are allowed to run.
  • Restrict the PATH environment variable to trusted directories and prevent modification by installers.
  • Verify that non‑Adobe installers are blocked and that system updates are applied regularly.

Generated by OpenCVE AI on April 15, 2026 at 22:11 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 16 Apr 2026 09:30:00 +0000

Type Values Removed Values Added
First Time appeared Adobe
Adobe adobe Photoshop Installer
Vendors & Products Adobe
Adobe adobe Photoshop Installer

Wed, 15 Apr 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 15 Apr 2026 19:00:00 +0000

Type Values Removed Values Added
Description Adobe Photoshop Installer was affected by an Uncontrolled Search Path Element vulnerability that could have resulted in arbitrary code execution in the context of the current user. A low-privileged local attacker could have exploited this vulnerability by manipulating the search path used by the application to locate critical resources, potentially causing unauthorized code execution. Exploitation of this issue required user interaction in that a user had to be running the installer.
Title Photoshop Installer | CWE-427: Uncontrolled Search Path Element
Weaknesses CWE-427
References
Metrics cvssV3_1

{'score': 8.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H'}

Subscriptions

Adobe Adobe Photoshop Installer
cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-04-16T03:55:40.701Z

Reserved: 2026-03-30T17:30:36.491Z

Link: CVE-2026-34632

cve-icon Vulnrichment

Updated: 2026-04-15T19:58:09.923Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-15T19:16:36.223

Modified: 2026-04-17T15:08:54.530

Link: CVE-2026-34632

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T09:12:24Z

Weaknesses