Skip to main content

Adobe Media Encoder EUVDEUVD-2026-44446

| CVE-2026-48366 HIGH
Out-of-bounds Write (CWE-787)
2026-07-14 adobe GHSA-g3xr-8x2q-36jr
7.8
CVSS 3.1 · Vendor: adobe
Share

Severity by source

Vendor (adobe) PRIMARY
7.8 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
vuln.today AI
7.8 HIGH

File-open exploitation gives local vector and UI:R; no attacker privileges needed (PR:N); arbitrary code execution as current user yields high C/I/A with unchanged scope.

3.1 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
4.0 AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (adobe).

CVSS VectorVendor: adobe

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Jul 14, 2026 - 21:16 vuln.today
CVE Published
Jul 14, 2026 - 19:58 cve.org
HIGH 7.8

DescriptionCVE.org

Media Encoder is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

AnalysisAI

Arbitrary code execution in Adobe Media Encoder is possible through an out-of-bounds write triggered when a victim opens a maliciously crafted media file, running attacker code in the context of the current user. The flaw was reported by Adobe and is addressed in advisory APSB26-72; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Craft malicious media/project file
Delivery
Deliver file to victim (email/shared asset)
Exploit
Victim opens file in Media Encoder
Execution
Trigger out-of-bounds write in parser
Persist
Corrupt memory and hijack execution
Impact
Run arbitrary code as current user

Vulnerability AssessmentAI

Exploitation Exploitation requires that a victim open or import a specifically crafted malicious file in Adobe Media Encoder (UI:R) - this user interaction is the essential precondition. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 score is 7.8 (High) with vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H - meaning local attack vector, low complexity, no privileges required, but mandatory user interaction, with high impact across C/I/A. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker crafts a malicious media or project file that triggers the out-of-bounds write and distributes it to a target (e.g., as a client deliverable, shared asset, or email attachment). When the victim opens or imports the file in Adobe Media Encoder, memory corruption is triggered and attacker-supplied code executes with the victim's privileges. …
Remediation Apply the update referenced in Adobe security advisory APSB26-72 (https://helpx.adobe.com/security/products/media-encoder/apsb26-72.html) - Patch available per vendor advisory; the exact fixed version is not specified in the provided data, so obtain the target build directly from that advisory or via the Creative Cloud desktop app's update mechanism. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: inventory all systems running Adobe Media Encoder across the organization and disable the application on non-essential machines; notify media production and creative teams of the vulnerability and instruct them to reject media files from unexpected senders. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-44446 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy