Description
InCopy versions 21.3, 20.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2026-06-09
Score: 7.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Adobe InCopy versions 21.3, 20.5.3 and earlier contain an out‑of‑bounds write flaw that can lead to arbitrary code execution in the context of the current user. The vulnerability is triggered when a maliciously crafted file is opened within the application, allowing an attacker to overwrite adjacent memory and execute injected code. The primary impact is the execution of arbitrary code with the permissions of the user who opens the file, potentially compromising the machine or the network.

Affected Systems

The affected product is Adobe InCopy. Versions 21.3, 20.5.3 and all earlier releases of the software are vulnerable. The issue does not affect other Adobe products or later builds beyond the stated version thresholds.

Risk and Exploitability

The CVSS score of 7.8 reflects a high severity. The vulnerability is not listed in CISA’s KEV catalog. Exploitation requires the victim to open a malicious file, so the attack depends on user interaction and is more likely to succeed in environments where users routinely process untrusted documents. The combination of high CVSS, the requirement for user action, and the potential for arbitrary code execution indicates a moderate to high risk for affected installations.

Generated by OpenCVE AI on June 9, 2026 at 22:06 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Adobe InCopy to any version later than 21.3 or 20.5.3 that includes the vendor‑supplied fix as outlined in Adobe’s security advisory.
  • Implement file‑type whitelisting or stricter access controls so that only trusted documents can be opened by users, reducing the likelihood that a malicious file is processed.
  • Scan all documents with a current antivirus or anti‑malware solution before opening them in InCopy to detect and block exploitation attempts.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 18:00:00 +0000

Type | Values Removed | Values Added
Description | | InCopy versions 21.3, 20.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Title | | InCopy \| Out-of-bounds Write (CWE-787)
Weaknesses | | CWE-787
References | |
Metrics | | cvssV3_1 {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-06-09T17:49:16.451Z

Reserved: 2026-03-30T17:30:36.498Z

Link: CVE-2026-34706

Vulnrichment

No data.

NVD

Status: Undergoing Analysis

Published: 2026-06-09T18:16:43.087

Modified: 2026-06-09T19:30:24.713

Link: CVE-2026-34706

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-09T22:15:15Z

Weaknesses