EUVD-2026-35781
GHSA-p36q-gh39-3mgh
Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
AnalysisAI
Arbitrary code execution in Adobe InDesign Desktop versions 21.3, 20.5.3 and earlier occurs through an out-of-bounds write triggered when a user opens a maliciously crafted document, allowing attacker code to run with the privileges of the current user. The flaw carries a CVSS 7.8 (High) rating, requires victim interaction, and no public exploit identified at time of analysis.
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the victim to open a maliciously crafted InDesign document in a vulnerable installation of Adobe InDesign Desktop 21.3, 20.5.3, or earlier - explicitly called out in the description as needing user interaction (UI:R). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H describes a local attack vector requiring user interaction with no privileges, yielding High impact across confidentiality, integrity, and availability - a classic 'open a malicious file' client-side RCE profile. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker emails a graphic designer a seemingly legitimate InDesign project file (.indd) - for example, posing as a freelance client requesting edits - and when the victim opens it in a vulnerable InDesign Desktop build, a crafted structure triggers the out-of-bounds write and executes attacker shellcode in the user's session. The payload could then steal SSO tokens, drop a stealer, or move laterally from the design workstation into shared asset repositories. … |
| Remediation | The primary fix is to upgrade Adobe InDesign Desktop to the patched releases listed in Adobe security bulletin APSB26-58 (https://helpx.adobe.com/security/products/indesign/apsb26-58.html); Patch available per vendor advisory, with exact fixed build numbers documented in that bulletin and deployable via Adobe Creative Cloud's update mechanism. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Inventory all systems running Adobe InDesign versions 21.3, 20.5.3 and earlier; issue mandatory policy prohibiting opening InDesign documents from external or untrusted sources; activate email gateway filtering to block .indd and .idml attachments from external senders. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More from same product – last 7 days
Arbitrary code execution in Adobe InDesign Desktop 21.3, 20.5.3 and earlier allows attackers to run code as the logged-i
Arbitrary code execution in Adobe InDesign Desktop 21.3, 20.5.3 and earlier occurs when a user opens a maliciously craft
Arbitrary code execution in Adobe InDesign Desktop 21.3, 20.5.3 and earlier stems from a use-after-free condition trigge
Arbitrary code execution in Adobe InDesign Desktop 21.3, 20.5.3 and earlier occurs through a stack-based buffer overflow
Arbitrary code execution in Adobe InDesign Desktop 21.3, 20.5.3 and earlier occurs via a heap-based buffer overflow (CWE
Share
External POC / Exploit Code
Leaving vuln.today