Out-of-Bounds Read Issue in Adobe InDesign Desktop Products
CVE-2026-27284

7.8HIGH

Key Information:

Vendor: Adobe
Status: Indesign Desktop
Vendor: CVE Published:; 14 April 2026

What is CVE-2026-27284?

Adobe InDesign Desktop versions 20.5.2 and 21.2, along with earlier versions, have a security flaw that allows an out-of-bounds read during the parsing of specially crafted files. This vulnerability could enable an attacker to read data beyond the allocated memory boundaries, potentially leading to unauthorized code execution in the context of the user who opens the malicious file. User action is required for exploitation, making awareness and caution during file handling crucial for preventing such attacks.

Affected Version(s)

InDesign Desktop 0 <= 21.2

References

https://helpx.adobe.com/security/products/indesign/apsb26...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 14, 2026
Vulnerability Reserved
Feb 18, 2026

CVE-2026-27284 Data

JSON