EUVD-2026-22650
GHSA-38g6-9fgr-3mmj
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionNVD
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
AnalysisAI
Heap-based buffer overflow in Adobe InDesign Desktop versions 20.5.2, 21.2 and earlier enables arbitrary code execution with high confidentiality, integrity, and availability impact when users open malicious files. No public exploit identified at time of analysis. …
Sign in for full analysis, threat intelligence, and remediation guidance.
RemediationAI
Within 24 hours: Identify and inventory all Adobe InDesign Desktop installations (versions 20.5.2, 21.2, and earlier) across the organization using endpoint detection tools; disable InDesign's auto-open features and implement mandatory security awareness training prohibiting file opening from untrusted sources. Within 7 days: Restrict InDesign usage to isolated, non-administrative user accounts; establish a file review process requiring IT approval before opening design files from external parties; configure application whitelisting to prevent unsigned code execution. …
Sign in for detailed remediation steps.
Share
External POC / Exploit Code
Leaving vuln.today