Description
Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2026-05-12
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Premiere Pro versions 26.0.2, 25.6.4 and all earlier releases contain an out‑of‑bounds write that can let an attacker run arbitrary code in the context of the user who opens a malicious media file. The flaw occurs when the program processes improperly formatted media, allowing data to be written beyond the intended memory limits.

Affected Systems

Adobe Premiere Pro installers for versions 26.0.2, 25.6.4 and earlier on any supported platform are vulnerable. Any user who installs these versions is at risk until the Adobe security update is applied.

Risk and Exploitability

The CVSS score of 7.8 signals a high severity, and the absence of an EPSS score means the likelihood of exploitation is unknown. Based on the description, it is inferred that because the issue requires user interaction — opening a crafted file — passive or remote exploitation is limited, but social engineering could trigger the vulnerability. The vulnerability is not listed in CISA’s KEV catalog.

Generated by OpenCVE AI on May 12, 2026 at 19:49 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Adobe security update that fixes the out‑of‑bounds write in Premiere Pro.
  • Disallow opening of untrusted or unknown media files by disabling automatic previews or filtering files before import.
  • Monitor application and system logs for anomalous activity that could indicate successful exploitation.

Generated by OpenCVE AI on May 12, 2026 at 19:49 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 13 May 2026 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Microsoft
Microsoft windows
CPEs cpe:2.3:a:adobe:premiere_pro:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products Apple
Apple macos
Microsoft
Microsoft windows

Wed, 13 May 2026 10:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 12 May 2026 20:00:00 +0000

Type Values Removed Values Added
First Time appeared Adobe
Adobe premiere Pro
Vendors & Products Adobe
Adobe premiere Pro

Tue, 12 May 2026 17:30:00 +0000

Type Values Removed Values Added
Description Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Title Premiere Pro | Out-of-bounds Write (CWE-787)
Weaknesses CWE-787
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

Subscriptions

Adobe Premiere Pro
Apple Macos
Microsoft Windows
cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-05-13T10:01:25.196Z

Reserved: 2026-03-30T17:30:36.491Z

Link: CVE-2026-34636

cve-icon Vulnrichment

Updated: 2026-05-13T09:58:06.686Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-12T18:17:09.917

Modified: 2026-05-13T14:31:42.957

Link: CVE-2026-34636

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-12T20:00:13Z

Weaknesses