Description
Media Encoder versions 26.0.2, 25.6.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2026-05-12
Score: 7.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A vulnerability involving an integer overflow or wraparound in Adobe Media Encoder exists in versions 26.0.2, 25.6.4 and earlier. The flaw can be triggered when a user opens a crafted file and may allow an attacker to execute arbitrary code within the context of the current user.

Affected Systems

Adobe Media Encoder, specifically version 26.0.2 and 25.6.4 as well as all earlier releases. Users of these versions are at risk unless they upgrade to a newer, patched build.

Risk and Exploitability

The CVSS score of 7.8 indicates a high severity. While the EPSS score is not available and the vulnerability is not listed in CISA’s KEV catalog, exploitation requires user interaction – the victim must open a malicious file. Consequently, the likelihood of an attack depends on user behavior and the presence of malicious media files.

Generated by OpenCVE AI on May 12, 2026 at 19:04 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Adobe Media Encoder to the latest release that resolves the integer overflow issue.
  • While an update is pending, prevent opening unknown or untrusted files in Media Encoder and disable automatic file opening features.
  • Deploy endpoint protection and monitor for any attempts to exploit the vulnerability.

Generated by OpenCVE AI on May 12, 2026 at 19:04 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 12 May 2026 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Adobe
Adobe media Encoder
Vendors & Products Adobe
Adobe media Encoder

Tue, 12 May 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 12 May 2026 17:30:00 +0000

Type Values Removed Values Added
Description Media Encoder versions 26.0.2, 25.6.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Title Media Encoder | Integer Overflow or Wraparound (CWE-190)
Weaknesses CWE-190
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

Subscriptions

Adobe Media Encoder
cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-05-12T18:52:35.197Z

Reserved: 2026-03-30T17:30:36.492Z

Link: CVE-2026-34640

cve-icon Vulnrichment

Updated: 2026-05-12T18:52:04.941Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-12T18:17:10.447

Modified: 2026-05-12T18:55:27.190

Link: CVE-2026-34640

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-12T20:30:23Z

Weaknesses