After Effects
CVE-2026-21319
MEDIUM
Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
After Effects versions 25.6 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
AnalysisAI
Out-of-bounds memory read in Adobe After Effects 25.6 and earlier allows attackers to disclose sensitive information from process memory by tricking users into opening specially crafted files. This local vulnerability requires user interaction but carries no patch availability, leaving affected systems exposed until an update is released.
Technical ContextAI
Classified as CWE-125 (Out-of-bounds Read). Affects After Effects. After Effects versions 25.6 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
RemediationAI
Monitor vendor advisories for a patch.
More in After Effects
View allAdobe After Effects versions 16.1.2 and earlier have an out-of-bounds write vulnerability. Rated critical severity (CVSS
Adobe After Effects version 18.1 (and earlier) is affected by a potential Command injection vulnerability when chained w
Adobe After Effects version 18.1 (and earlier) is affected by an Uncontrolled Search Path element vulnerability. Rated h
After Effects versions 25.1, 24.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result i
After Effects versions 25.1, 24.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result i
After Effects versions 26.0, 25.6.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that cou
After Effects versions 26.0, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result i
After Effects versions 26.0, 25.6.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could re
Arbitrary code execution in Adobe After Effects 25.6 and earlier results from an out-of-bounds read vulnerability trigge
Code execution in Adobe After Effects 25.6 and earlier through out-of-bounds memory reads when processing malicious file
Out-of-bounds memory reads in Adobe After Effects 25.6 and earlier enable arbitrary code execution when users open speci
Arbitrary code execution in Adobe After Effects 25.6 and earlier through a use-after-free memory vulnerability requires
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today