Description
Media Encoder versions 26.0.2, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2026-05-12
Score: 7.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an out-of-bounds write (CWE-787) in Adobe Media Encoder that can lead to arbitrary code execution. An attacker who triggers the flaw could overwrite memory contents and subsequently execute arbitrary code in the context of the user running the program. The CVSS base score of 7.8 (High) reflects the significant impact of successful exploitation.

Affected Systems

Affected versions are Adobe Media Encoder 26.0.2, 25.6.4, and all earlier releases. A file containing malicious data that is opened in any of these releases can trigger the out-of-bounds write. The flaw remains present in older releases until a newer version is installed.

Risk and Exploitability

Exploitation requires user interaction: the victim must open a maliciously crafted file. Because the flaw is triggered by a local file, the most likely delivery vectors are social engineering and phishing attachments. No EPSS score is available and the CVE is not listed in KEV, but the high CVSS base score indicates a serious risk that should be addressed promptly.

Generated by OpenCVE AI on May 12, 2026 at 19:05 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a patched release of Adobe Media Encoder.
  • Disable automatic opening of arbitrary files and enforce strict file type restrictions.
  • Keep anti‑virus software current and scan files before opening them.

Advisories

No advisories yet.

History

Tue, 12 May 2026 20:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Adobe; Adobe media Encoder
Vendors & Products | | Adobe; Adobe media Encoder

Tue, 12 May 2026 17:30:00 +0000

Type | Values Removed | Values Added
Description | | Media Encoder versions 26.0.2, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Title | | Media Encoder | Out-of-bounds Write (CWE-787)
Weaknesses | | CWE-787
References | |
Metrics | | cvssV3_1: {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-05-13T03:58:04.935Z

Reserved: 2026-03-30T17:30:36.491Z

Link: CVE-2026-34639

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-05-12T18:17:10.320

Modified: 2026-05-12T18:55:27.190

Link: CVE-2026-34639

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-12T19:45:15Z

Weaknesses