Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
File must be opened locally by a user so AV:L and UI:R; no privileges needed (PR:N) and code runs as current user with full C/I/A impact.
Primary rating from Vendor (adobe).
CVSS VectorVendor: adobe
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Bridge is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
AnalysisAI
Arbitrary code execution in Adobe Bridge is possible when a victim opens a maliciously crafted file that triggers a heap-based buffer overflow (CWE-122), letting an attacker run code in the context of the current user. The flaw was reported by Adobe and disclosed in advisory APSB26-81; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the victim to open a malicious file within Adobe Bridge (UI:R) - this user-interaction step is the primary prerequisite and limiting factor. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 base score is 7.8 (High) with vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H - a local attack vector requiring user interaction but no prior privileges, yielding full confidentiality, integrity, and availability impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker crafts a malicious file that triggers the heap overflow in Adobe Bridge and delivers it via email, a shared drive, or a download disguised as a legitimate creative asset. When the victim opens the file in Bridge, the overflow corrupts heap memory and executes attacker-controlled code with the victim's privileges. … |
| Remediation | Apply the update referenced in Adobe security advisory APSB26-81 (https://helpx.adobe.com/security/products/bridge/apsb26-81.html) - Patch available per vendor advisory; the exact fixed version was not provided in the input and should be taken directly from that bulletin. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours, issue guidance to all Adobe Bridge users warning against opening Bridge files from untrusted or unexpected sources and directing use of alternative applications where feasible; conduct an asset inventory to identify all Bridge deployments across the organization. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Adobe Bridge
View allArbitrary code execution in Adobe Bridge allows an attacker to run code in the context of the current user by tricking a
Arbitrary code execution in Adobe Bridge is possible through an out-of-bounds write (CWE-787) triggered when a victim op
Arbitrary code execution in Adobe Bridge results from an out-of-bounds write (CWE-787) that a victim triggers by opening
Arbitrary code execution in Adobe Bridge arises from an integer overflow (CWE-190) triggered when a victim opens a malic
Arbitrary code execution in Adobe Bridge is possible when a victim opens a maliciously crafted file, triggering an out-o
Same weakness CWE-122 – Heap-based Buffer Overflow
View allSame technique Heap Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-44498
GHSA-x444-68r9-2w85