EUVD-2026-22778

| CVE-2026-27290 HIGH
2026-04-14 [email protected]
RCE Adobe
8.6
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
Analysis Generated
Apr 15, 2026 - 01:10 vuln.today

DescriptionNVD

Adobe Framemaker versions 2022.8 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute arbitrary code in the context of the current user. If the application uses a search path to locate critical resources such as programs, then an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. Exploitation of this issue does not require user interaction.

AnalysisAI

Arbitrary code execution in Adobe FrameMaker 2022.8 and earlier via DLL hijacking/search path manipulation allows local attackers to run malicious code in user context without interaction. CVSS 8.6 severity stems from changed scope and high confidentiality/integrity/availability impact despite local attack vector. …

Sign in for full analysis, threat intelligence, and remediation guidance.

RemediationAI

Within 24 hours: Inventory all systems running Adobe FrameMaker 2022.8 or earlier and isolate high-risk endpoints if patching cannot be completed immediately. Within 7 days: Apply vendor-released patch per Adobe Security Bulletin APSB26-36 to all affected FrameMaker installations; verify patch deployment across the organization. …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

EUVD-2026-22778 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy