Heap-based Buffer Overflow in Adobe Illustrator Affects Multiple Versions
CVE-2026-34687

7.8HIGH

Key Information:

Vendor: Adobe
Status: Illustrator
Vendor: CVE Published:; 12 May 2026

What is CVE-2026-34687?

A heap-based buffer overflow vulnerability exists in Adobe Illustrator, affecting versions 29.8.6 and earlier. This flaw allows for potential arbitrary code execution in the context of the current user. Exploitation of the vulnerability necessitates user interaction; specifically, a user must open a specially-crafted malicious file to trigger the issue.

Affected Version(s)

Illustrator 0 <= 30.3

References

https://helpx.adobe.com/security/products/illustrator/aps...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 12, 2026
Vulnerability Reserved
Mar 30, 2026

CVE-2026-34687 Data

JSON