Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Local file-parsing flaw needing the victim to open a malicious file (AV:L/UI:R), no prior privileges (PR:N), yielding full code execution in the user's context (C/I/A:H).
Primary rating from Vendor (adobe).
CVSS VectorVendor: adobe
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Media Encoder is affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
AnalysisAI
Arbitrary code execution in Adobe Media Encoder arises from a stack-based buffer overflow (CWE-121) triggered when a victim opens a maliciously crafted media file, allowing an attacker to run code in the context of the current user. The CVSS 3.1 base score is 7.8 (local vector, user interaction required, no privileges needed). …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the victim to open a maliciously crafted file in Adobe Media Encoder (UI:R), and the attack executes locally on the user's workstation (AV:L) with no attacker authentication or elevated privileges needed (PR:N). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The signals point to a real but user-interaction-gated risk rather than an internet-facing emergency. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker crafts a malicious media or project file that overflows a stack buffer in Media Encoder's parser and emails or shares it with a target editor or media-production user. When the victim opens the file, the overflow hijacks control flow and executes attacker code with the victim's privileges, potentially installing malware or stealing data. … |
| Remediation | Patch available per vendor advisory: update Adobe Media Encoder to the fixed release listed in Adobe security bulletin APSB26-72 (https://helpx.adobe.com/security/products/media-encoder/apsb26-72.html); the exact patched version string is not present in the supplied input, so pull it directly from that advisory and apply the vendor update or use the Creative Cloud desktop app's update mechanism. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours, inventory all Adobe Media Encoder installations across the organization and notify affected users to avoid opening media files from untrusted sources; simultaneously, prepare communication for leadership summarizing the risk window. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Adobe Media Encoder
View allArbitrary code execution in Adobe Media Encoder is possible through an out-of-bounds write triggered when a victim opens
Arbitrary code execution in Adobe Media Encoder is possible when a victim opens a maliciously crafted media file, trigge
Arbitrary code execution in Adobe Media Encoder arises from an out-of-bounds write (CWE-787) that lets a crafted media f
Media Encoder is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An a
Same weakness CWE-121 – Stack-based Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-44447
GHSA-rvrg-6mx8-rph8