Description
After Effects versions 26.0, 25.6.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2026-05-12
Score: 7.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a stack‑based buffer overflow in Adobe After Effects that can allow an attacker to execute arbitrary code within the victim’s user context. The flaw is triggered when processing a crafted file and can result in full control over the affected system.

Affected Systems

Adobe After Effects versions 26.0, 25.6.4, and all earlier releases are affected. Users running these or older builds must consider the software out of date.

Risk and Exploitability

The CVSS score of 7.8 indicates a high‑severity flaw. While EPSS data is not available, the requirement for user interaction (opening a malicious file) reduces the likelihood of automated exploitation but still presents a significant risk, especially in environments where users regularly download or receive files from untrusted sources. The vulnerability is not listed in the CISA KEV catalog, but the impact warrants immediate attention.

Generated by OpenCVE AI on May 12, 2026 at 21:49 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Adobe After Effects update that addresses the stack‑based buffer overflow (see Adobe APSB26‑48 advisory).
  • Update to the latest After Effects version, ensuring that any installed patch includes the fix.
  • Implement user training and file‑type restrictions to reduce the likelihood of opening malicious files; consider scanning files with antivirus before opening in After Effects.

Generated by OpenCVE AI on May 12, 2026 at 21:49 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 12 May 2026 22:30:00 +0000

Type Values Removed Values Added
First Time appeared Adobe
Adobe after Effects
Vendors & Products Adobe
Adobe after Effects

Tue, 12 May 2026 20:15:00 +0000

Type Values Removed Values Added
Description After Effects versions 26.0, 25.6.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Title After Effects | Stack-based Buffer Overflow (CWE-121)
Weaknesses CWE-121
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

Subscriptions

Adobe After Effects
cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-05-12T19:26:57.362Z

Reserved: 2026-03-30T17:30:36.496Z

Link: CVE-2026-34690

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-12T20:16:38.820

Modified: 2026-05-12T20:16:38.820

Link: CVE-2026-34690

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-12T22:15:25Z

Weaknesses