Description
After Effects versions 26.0, 25.6.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2026-05-12
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a stack‑based buffer overflow in Adobe After Effects that can allow an attacker to execute arbitrary code within the victim’s user context. The flaw is triggered when processing a crafted file and can result in full control over the affected system.

Affected Systems

Adobe After Effects versions 26.0, 25.6.4, and all earlier releases are affected. Users running these or older builds must consider the software out of date.

Risk and Exploitability

The CVSS score of 7.8 indicates a high‑severity flaw. While EPSS data is not available, the requirement for user interaction (opening a malicious file) reduces the likelihood of automated exploitation but still presents a significant risk, especially in environments where users regularly download or receive files from untrusted sources. The vulnerability is not listed in the CISA KEV catalog, but the impact warrants immediate attention.

Generated by OpenCVE AI on May 12, 2026 at 21:49 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Adobe After Effects update that addresses the stack‑based buffer overflow (see Adobe APSB26‑48 advisory).
  • Update to the latest After Effects version, ensuring that any installed patch includes the fix.
  • Implement user training and file‑type restrictions to reduce the likelihood of opening malicious files; consider scanning files with antivirus before opening in After Effects.

Generated by OpenCVE AI on May 12, 2026 at 21:49 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 14 May 2026 05:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 13 May 2026 19:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Microsoft
Microsoft windows
CPEs cpe:2.3:a:adobe:after_effects:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products Apple
Apple macos
Microsoft
Microsoft windows

Tue, 12 May 2026 22:30:00 +0000

Type Values Removed Values Added
First Time appeared Adobe
Adobe after Effects
Vendors & Products Adobe
Adobe after Effects

Tue, 12 May 2026 20:15:00 +0000

Type Values Removed Values Added
Description After Effects versions 26.0, 25.6.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Title After Effects | Stack-based Buffer Overflow (CWE-121)
Weaknesses CWE-121
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

Subscriptions

Adobe After Effects
Apple Macos
Microsoft Windows
cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-05-14T03:55:54.315Z

Reserved: 2026-03-30T17:30:36.496Z

Link: CVE-2026-34690

cve-icon Vulnrichment

Updated: 2026-05-13T13:16:52.011Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-12T20:16:38.820

Modified: 2026-05-13T19:42:49.227

Link: CVE-2026-34690

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-12T22:15:25Z

Weaknesses
  • CWE-121

    Stack-based Buffer Overflow