Skip to main content

Affinity EUVDEUVD-2026-12616

| CVE-2026-20726 MEDIUM
Out-of-bounds Read (CWE-125)
2026-03-17 talos
6.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.1 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
Low

Lifecycle Timeline

3
EUVD ID Assigned
Mar 17, 2026 - 20:30 euvd
EUVD-2026-12616
Analysis Generated
Mar 17, 2026 - 20:30 vuln.today
CVE Published
Mar 17, 2026 - 18:52 nvd
MEDIUM 6.1

DescriptionCVE.org

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.

AnalysisAI

Canva Affinity's EMF file parser is vulnerable to out-of-bounds read attacks when processing specially crafted files, allowing attackers to extract sensitive information from application memory. This local vulnerability requires user interaction to trigger and has no available patch, affecting users who open malicious EMF documents in Affinity.

Technical ContextAI

The vulnerability resides in Canva Affinity's EMF (Enhanced Metafile) file processing library, which handles vector graphics and metafile formats commonly used in Windows and design applications. The affected product is identified via CPE cpe:2.3:a:canva:affinity:*:*:*:*:*:*:*:*, indicating the Affinity design suite application. The root cause is classified under CWE-125 (Out-of-bounds Read), a memory safety flaw where the parser fails to properly validate buffer boundaries when reading EMF record structures. This occurs when the application processes specially crafted EMF headers or record data without sufficient bounds checking, allowing attackers to read adjacent memory regions containing sensitive data such as encryption keys, usernames, file paths, or other application state information.

RemediationAI

Update Canva Affinity to the patched version released by Canva following this disclosure; consult the vendor security advisory at https://trust.canva.com/?tcuUid=1f728b0d-17f3-4c9c-97e9-6662b769eb62 for the specific patched version number and installation instructions. As an interim mitigation, restrict the opening of EMF files from untrusted sources, disable automatic file preview features that may trigger EMF parsing, and educate users to avoid opening EMF attachments or files from unfamiliar senders. Organizations should monitor Canva's security advisory page and the NVD entry at https://nvd.nist.gov/vuln/detail/CVE-2026-20726 for patch availability confirmation and any supplementary guidance. If patching is delayed, implement file-type filtering on email gateways and network shares to prevent distribution of EMF files in sensitive environments.

CVE-2025-66342 HIGH
7.8 Mar 17

A type confusion vulnerability in the EMF (Enhanced Metafile) functionality of Canva Affinity allows attackers to achiev

CVE-2025-64301 HIGH
7.8 Mar 17

An out-of-bounds write vulnerability in Canva Affinity's EMF file processing allows attackers to achieve code execution

CVE-2025-62500 MEDIUM
6.1 Mar 17

An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file processing functionality, al

CVE-2025-61979 MEDIUM
6.1 Mar 17

An out-of-bounds read vulnerability exists in the EMF (Enhanced Metafile) file handling functionality of Canva Affinity,

CVE-2025-64733 MEDIUM
6.1 Mar 17

An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file parsing functionality, allow

CVE-2025-66000 MEDIUM
6.1 Mar 17

An out-of-bounds read vulnerability exists in the EMF (Enhanced Metafile) file parsing functionality of Canva Affinity,

CVE-2025-64776 MEDIUM
6.1 Mar 17

An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file handling that allows attacke

CVE-2025-64735 MEDIUM
6.1 Mar 17

An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file processing functionality, af

CVE-2025-66633 MEDIUM
6.1 Mar 17

An out-of-bounds read vulnerability exists in the EMF (Enhanced Metafile) file parsing functionality of Canva Affinity,

CVE-2025-58427 MEDIUM
6.1 Mar 17

An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file parsing functionality, affec

CVE-2025-66617 MEDIUM
6.1 Mar 17

An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file parsing functionality, affec

CVE-2025-47873 MEDIUM
6.1 Mar 17

An out-of-bounds read vulnerability exists in Canva Affinity's EMF (Enhanced Metafile) file handling functionality, affe

Share

EUVD-2026-12616 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy