Description
Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2026-05-12
Score: 7.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Premiere Pro versions 26.0.2, 25.6.4 and earlier contain a Use After Free flaw that, when a user opens a crafted project file, can lead to arbitrary code execution in the context of the current user. The flaw allows the program to read memory after it has been freed, enabling an attacker to inject and execute arbitrary code. This results in loss of confidentiality, integrity, and availability on the affected system.

Affected Systems

Adobe Premiere Pro versions 26.0.2, 25.6.4 and all earlier releases are affected. The issue exists on all platforms where these versions are installed, including Windows and macOS.

Risk and Exploitability

The CVSS score of 7.8 classifies the vulnerability as high. EPSS data is unavailable, and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires an attacker to supply a malicious file that the user must open, so the attack vector is user interaction. Once exploited, the attacker can execute arbitrary code with the victim’s privileges.

Generated by OpenCVE AI on May 12, 2026 at 19:05 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Adobe Premiere Pro update.
  • Disable or restrict opening of suspicious or unknown project files until the patch is applied.
  • Monitor system activity for signs of unauthorized code execution.

Generated by OpenCVE AI on May 12, 2026 at 19:05 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 12 May 2026 20:00:00 +0000

Type Values Removed Values Added
First Time appeared Adobe
Adobe premiere Pro
Vendors & Products Adobe
Adobe premiere Pro

Tue, 12 May 2026 17:30:00 +0000

Type Values Removed Values Added
Description Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Title Premiere Pro | Use After Free (CWE-416)
Weaknesses CWE-416
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

Subscriptions

Adobe Premiere Pro
cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-05-13T03:58:03.838Z

Reserved: 2026-03-30T17:30:36.491Z

Link: CVE-2026-34638

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-12T18:17:10.190

Modified: 2026-05-12T18:55:27.190

Link: CVE-2026-34638

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-12T19:45:15Z

Weaknesses