Description
InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2026-06-09
Score: 7.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Adobe InDesign Desktop versions 21.3, 20.5.3 and earlier contain an out-of-bounds write flaw (CWE-787) that can be triggered by opening a malicious file. The vulnerability allows an attacker to overwrite adjacent memory and execute arbitrary code with the privileges of the currently logged‑on user, potentially leading to system compromise or data exfiltration.

Affected Systems

Adobe InDesign Desktop for all desktop platforms. Affected releases include 21.3, 20.5.3 and any earlier releases of the software. Users of these versions are consequently vulnerable until the issue is fixed by Adobe.

Risk and Exploitability

The CVSS score of 7.8 indicates high severity. The EPSS score is unavailable, and the need for user interaction (a victim must open a malicious file) reduces the likelihood of automated exploitation. The flaw is not currently listed in CISA’s KEV catalog and no public exploits have been reported, but given the high severity, users and administrators should still treat the vulnerability as a priority.

Generated by OpenCVE AI on June 9, 2026 at 21:10 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check Adobe’s security advisory for InDesign Desktop and download the latest update that includes the fix for CVE‑2026‑48293.
  • Verify that the installed version is 21.4 or later; if not, install the recommended upgrade immediately.
  • In the meantime, instruct users to avoid opening unknown or suspicious InDesign files and consider disabling any script execution features until a patch is applied.

Advisories

No advisories yet.

History

Wed, 10 Jun 2026 03:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Adobe; Adobe indesign Desktop
Vendors & Products | | Adobe; Adobe indesign Desktop

Tue, 09 Jun 2026 21:30:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 09 Jun 2026 18:00:00 +0000

Type | Values Removed | Values Added
Description | | InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Title | | InDesign Desktop | Out-of-bounds Write (CWE-787)
Weaknesses | | CWE-787
References | |
Metrics | | cvssV3_1 {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

Subscriptions

Adobe Indesign Desktop
MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-06-09T19:42:03.435Z

Reserved: 2026-05-21T15:28:38.135Z

Link: CVE-2026-48293

Vulnrichment

Updated: 2026-06-09T19:41:52.226Z

NVD

Status: Awaiting Analysis

Published: 2026-06-09T18:17:03.467

Modified: 2026-06-09T19:30:24.713

Link: CVE-2026-48293

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-10T03:00:10Z

Weaknesses