Adobe Framemaker | Untrusted Search Path (CWE-426)_CVE-2026-27290

8.6 / 10

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Description

Adobe Framemaker versions 2022.8 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute arbitrary code in the context of the current user. If the application uses a search path to locate critical resources such as programs, then an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. Exploitation of this issue does not require user interaction.

AI Analysis

Untrusted Search Path vulnerability allowing execution of arbitrary code

Basic Information

ID CVE-2026-27290

Source adobe

Published Apr 14, 2026 at 22:58

Affected Product

Vendor Adobe

Product Adobe Framemaker

Affected Versions Adobe Adobe Framemaker 0

CWE Classification

CWE-426

AI Assessment

AI Score 8.6 / 10

AI Severity High

Vendor Adobe

Product Framemaker

Version 2022.8 and earlier

References

helpx.adobe.com /security/products/framemaker/apsb26-36.html

{
    "lastseen": "",
    "description": "Adobe Framemaker versions 2022.8 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute arbitrary code in the context of the current user. If the application uses a search path to locate critical resources such as programs, then an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. Exploitation of this issue does not require user interaction.",
    "published": "2026-04-14T22:58:17.003Z",
    "modified": "2026-04-14T22:58:17.003Z",
    "type": "cve",
    "title": "Adobe Framemaker | Untrusted Search Path (CWE-426)",
    "source": "adobe",
    "references": "https://helpx.adobe.com/security/products/framemaker/apsb26-36.html",
    "id": "CVE-2026-27290",
    "bulletinFamily": "",
    "cwe": [
        "CWE-426"
    ],
    "cvelist": null,
    "sourceData": "Adobe Adobe Framemaker 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.6,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Adobe Framemaker",
    "version": "0",
    "vendor": "Adobe",
    "ai_description": "Untrusted Search Path vulnerability allowing execution of arbitrary code",
    "ai_severity": "High",
    "ai_vendor": "Adobe",
    "ai_product": "Framemaker",
    "ai_version": "2022.8 and earlier",
    "ai_score": 8.6
}