Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Local file-parsing bug requiring the victim to open a malicious file (AV:L, UI:R); no prior privileges needed (PR:N); memory corruption yields full code execution as the user, so C/I/A all High.
Primary rating from Vendor (adobe).
CVSS VectorVendor: adobe
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Bridge is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
AnalysisAI
Arbitrary code execution in Adobe Bridge is possible when a victim opens a maliciously crafted file, triggering an out-of-bounds write (CWE-787) that executes attacker-controlled code in the context of the current user. The flaw affects Adobe Bridge as reported by Adobe (advisory APSB26-81) and is rated CVSS 7.8; no public exploit identified at time of analysis and it is not listed in CISA KEV. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires that a victim open or preview a maliciously crafted file in Adobe Bridge on a system where Bridge is installed; this is confirmed by the description ('a victim must open a malicious file') and by the CVSS vector (AV:L, UI:R). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 vector (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, base 7.8) describes a locally-delivered, low-complexity attack that requires no prior privileges but does require user interaction, with high impact to confidentiality, integrity, and availability. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker crafts a malicious asset file (e.g., an image or media file that triggers the out-of-bounds write in Bridge's parser) and delivers it via email, a shared network drive, or a download, using social engineering to persuade the victim to open or preview it in Adobe Bridge. When Bridge parses the file, the out-of-bounds write corrupts memory and executes attacker code with the privileges of the logged-in user. … |
| Remediation | Apply the patched Adobe Bridge release listed in Adobe security bulletin APSB26-81 (https://helpx.adobe.com/security/products/bridge/apsb26-81.html); the exact fixed version is published there and should be deployed via the Creative Cloud desktop app or enterprise Admin Console - patch available per vendor advisory, exact fix version to be confirmed from APSB26-81 as it is not included in the input data. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: notify all Adobe Bridge users to restrict file-opening to trusted sources and report suspicious files to security; inventory all systems running Adobe Bridge and their user population. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Adobe Bridge
View allArbitrary code execution in Adobe Bridge allows an attacker to run code in the context of the current user by tricking a
Arbitrary code execution in Adobe Bridge is possible through an out-of-bounds write (CWE-787) triggered when a victim op
Arbitrary code execution in Adobe Bridge is possible when a victim opens a maliciously crafted file that triggers a heap
Arbitrary code execution in Adobe Bridge results from an out-of-bounds write (CWE-787) that a victim triggers by opening
Arbitrary code execution in Adobe Bridge arises from an integer overflow (CWE-190) triggered when a victim opens a malic
Same weakness CWE-787 – Out-of-bounds Write
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-44495
GHSA-jw5m-6mgx-5h74