CVE 8.6 HIGH

Illustrator | Untrusted Search Path (CWE-426)_CVE-2026-21280

January 13, 2026 invoker category_cve

8.6 / 10

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Description

Illustrator versions 29.8.3, 30.0 and earlier are affected by an Untrusted Search Path vulnerability that could result in arbitrary code execution in the context of the current user. If the application uses a search path to locate critical resources such as programs, an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. Exploitation of this issue requires user interaction in that a victim must open a malicious file and scope is changed.

AI Analysis

Untrusted Search Path vulnerability allowing arbitrary code execution in the context of the current user

Basic Information

ID CVE-2026-21280

Source adobe

Published Jan 13, 2026 at 18:41

Modified Jan 13, 2026 at 19:01

Affected Product

Vendor Adobe

Product Illustrator

Affected Versions Adobe Illustrator 0

CWE Classification

CWE-426

AI Assessment

AI Score 8.6 / 10

AI Severity High

Vendor Adobe

Product Illustrator

Version 29.8.3, 30.0

References

helpx.adobe.com /security/products/illustrator/apsb26-03.html

{
    "lastseen": "",
    "description": "Illustrator versions 29.8.3, 30.0 and earlier are affected by an Untrusted Search Path vulnerability that could result in arbitrary code execution in the context of the current user. If the application uses a search path to locate critical resources such as programs, an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. Exploitation of this issue requires user interaction in that a victim must open a malicious file and scope is changed.",
    "published": "2026-01-13T18:41:21.310Z",
    "modified": "2026-01-13T19:01:27.683Z",
    "type": "cve",
    "title": "Illustrator | Untrusted Search Path (CWE-426)",
    "source": "adobe",
    "references": "https://helpx.adobe.com/security/products/illustrator/apsb26-03.html",
    "id": "CVE-2026-21280",
    "bulletinFamily": "",
    "cwe": [
        "CWE-426"
    ],
    "cvelist": null,
    "sourceData": "Adobe Illustrator 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.6,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Illustrator",
    "version": "0",
    "vendor": "Adobe",
    "ai_description": "Untrusted Search Path vulnerability allowing arbitrary code execution in the context of the current user",
    "ai_severity": "High",
    "ai_vendor": "Adobe",
    "ai_product": "Illustrator",
    "ai_version": "29.8.3, 30.0",
    "ai_score": 8.6
}

💭 Join the Security Discussion ❌ Cancel Reply