EUVD-2026-35773
GHSA-22v9-mchf-h83w
Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
AnalysisAI
Arbitrary code execution in Adobe InDesign Desktop versions 21.3, 20.5.3 and earlier occurs through a stack-based buffer overflow triggered when a user opens a malicious document. Successful exploitation runs attacker-controlled code in the context of the current user, but requires social engineering since the attack vector is local and user interaction is mandatory. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the victim to manually open an attacker-supplied malicious InDesign document (UI:R in the CVSS vector) on a local system running InDesign Desktop 21.3, 20.5.3, or an earlier vulnerable build (AV:L). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 base score of 7.8 reflects high impact to confidentiality, integrity, and availability, but the AV:L/AC:L/PR:N/UI:R vector makes this a local, user-interaction-dependent issue rather than a remotely wormable one - execution requires a victim to open a crafted file. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker emails a designer at a target organization a crafted .indd file disguised as a client brief, brand asset, or freelance portfolio sample. When the victim opens the document in a vulnerable InDesign build, the parser overflows a stack buffer and executes embedded shellcode in the user's security context, giving the attacker a foothold on a workstation that typically holds proprietary creative assets, client data, and cached cloud credentials. |
| Remediation | Apply the Adobe-released update referenced in security bulletin APSB26-58 (https://helpx.adobe.com/security/products/indesign/apsb26-58.html), which supersedes InDesign Desktop 21.3 and 20.5.3; consult the bulletin for the exact patched version numbers for each track since the input data does not include them verbatim. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Audit all InDesign installations to identify versions 21.3, 20.5.3, or earlier; issue alert restricting document opening from untrusted external sources. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More from same product – last 7 days
Arbitrary code execution in Adobe InDesign Desktop 21.3, 20.5.3 and earlier allows attackers to run code as the logged-i
Arbitrary code execution in Adobe InDesign Desktop 21.3, 20.5.3 and earlier occurs when a user opens a maliciously craft
Arbitrary code execution in Adobe InDesign Desktop 21.3, 20.5.3 and earlier stems from a use-after-free condition trigge
Arbitrary code execution in Adobe InDesign Desktop 21.3, 20.5.3 and earlier occurs through a stack-based buffer overflow
Arbitrary code execution in Adobe InDesign Desktop 21.3, 20.5.3 and earlier occurs via a heap-based buffer overflow (CWE
Share
External POC / Exploit Code
Leaving vuln.today