What is the CVSS score of CVE-2026-34707?

CVE-2026-34707 has a CVSS 3.1 base score of 7.8 (High). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of Adobe InCopy are affected by CVE-2026-34707?

Adobe InCopy versions 21.3, 20.5.3 and earlier contain an arbitrary code execution vulnerability triggered when users open maliciously crafted documents, creating a direct social engineering pathway…

How to fix or mitigate CVE-2026-34707?

Within 24 hours: Issue security alert to all InCopy users on affected versions and establish guidance to validate document sources before opening. Within 7 days: Deploy compensating controls including document sandboxing, disable automatic document opening features, and restrict file handling permissions for InCopy across all affected endpoints. Within 30 days: Actively monitor Adobe security advisories for patch availability; prepare pre-production testing for upgraded versions; establish organization-wide upgrade timeline once patches are validated and released.

Adobe InCopy CVE-2026-34707

EUVD-2026-35787 HIGH

Heap-based Buffer Overflow (CWE-122)

2026-06-09 adobe

GHSA-57jj-wrx7-w966

Heap Overflow Buffer Overflow RCE Incopy

7.8

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

7.8 HIGH

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Jun 09, 2026 - 18:54 vuln.today

DescriptionCVE.org

InCopy versions 21.3, 20.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

AnalysisAI

Arbitrary code execution in Adobe InCopy versions 21.3, 20.5.3 and earlier occurs when a user opens a maliciously crafted document that triggers a heap-based buffer overflow (CWE-122). Successful exploitation runs attacker code in the security context of the current user, making this a credible vector for endpoint compromise via social engineering. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon

Identify InCopy user via OSINT

Delivery

Email weaponized .icml document

Exploit

Victim opens file in InCopy

Install

Heap buffer overflow during parsing

Hijack control flow to shellcode

Execute

Execute payload as current user

Impact

Exfiltrate documents or pivot internally

Recon

Identify InCopy user via OSINT

Delivery

Email weaponized .icml document

Exploit

Victim opens file in InCopy

Install

Heap buffer overflow during parsing

Hijack control flow to shellcode

Execute

Execute payload as current user

Impact

Exfiltrate documents or pivot internally

Vulnerability AssessmentAI

Exploitation	Exploitation requires the victim to actively open an attacker-supplied document in Adobe InCopy 21.3, 20.5.3, or earlier (CVSS AV:L with UI:R) - there is no remote network-triggered path and no listening service is involved. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	The CVSS 3.1 vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H reflects a local attack vector (the malicious file must be opened on the victim's machine) requiring user interaction, with high impact across confidentiality, integrity and availability - yielding the 7.8 base score that is typical for client-side document-parsing RCEs. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An attacker crafts a malicious InCopy document containing a structure that triggers the heap overflow during parsing and sends it to an editor or copywriter via spear-phishing email, a shared cloud folder, or a compromised freelancer handoff. When the victim double-clicks the file in InCopy, parsing corrupts the heap and yields code execution as the logged-in user, after which the attacker installs a foothold for credential theft, document exfiltration, or lateral movement.
Remediation	Apply the updates listed in Adobe Security Bulletin APSB26-59 (https://helpx.adobe.com/security/products/incopy/apsb26-59.html) - install the post-21.3 and post-20.5.3 fixed releases via the Adobe Creative Cloud desktop app or by deploying the updated MSI/PKG packages through your software-management tooling. … Detailed patch versions, workarounds, and compensating controls in full report.