Description
After Effects versions 26.0, 25.6.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2026-05-12
Score: 7.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

After Effects versions 26.0, 25.6.4 and earlier contain an integer overflow or wraparound flaw (CWE‑190) that can lead to arbitrary code execution in the context of the user who opens a malicious file. If exploited, the attacker would execute code with the victim’s privileges, potentially compromising the confidentiality, integrity, or availability of the affected system.

Affected Systems

Adobe After Effects 26.0, 25.6.4, and all earlier releases on Windows, macOS, and other supported platforms are affected. The vulnerability applies only to the After Effects application; it does not extend to other Adobe products.

Risk and Exploitability

The CVSS score of 7.8 denotes high severity. EPSS score is not provided, so the exact probability of exploitation is unknown, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is that a user must open a malicious file; this is inferred from the requirement for user interaction. Because user interaction is required, the risk is higher in environments where users frequently work with external projects.

Generated by OpenCVE AI on May 12, 2026 at 19:48 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Adobe security update for After Effects referenced in the security bulletin APSB26-48, which updates the application to a version newer than 26.0.
  • Disable or restrict automatic opening of project files in After Effects, requiring explicit user permission before loading any external content.
  • Enforce file‑type whitelisting or content filtering to block malicious After Effects project files from being opened by end users.

Generated by OpenCVE AI on May 12, 2026 at 19:48 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 12 May 2026 20:00:00 +0000

Type Values Removed Values Added
First Time appeared Adobe
Adobe after Effects
Vendors & Products Adobe
Adobe after Effects

Tue, 12 May 2026 17:30:00 +0000

Type Values Removed Values Added
Description After Effects versions 26.0, 25.6.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Title After Effects | Integer Overflow or Wraparound (CWE-190)
Weaknesses CWE-190
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

Subscriptions

Adobe After Effects
cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-05-13T03:58:10.331Z

Reserved: 2026-03-30T17:30:36.492Z

Link: CVE-2026-34644

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-12T18:17:10.840

Modified: 2026-05-12T18:55:27.190

Link: CVE-2026-34644

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-12T20:00:13Z

Weaknesses