Skip to main content

Adobe After Effects EUVDEUVD-2026-44467

| CVE-2026-48367 HIGH
Out-of-bounds Write (CWE-787)
2026-07-14 adobe GHSA-fhjh-7fwr-rp99
7.8
CVSS 3.1 · Vendor: adobe
Share

Severity by source

Vendor (adobe) PRIMARY
7.8 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
vuln.today AI
7.8 HIGH

Local file-open exploitation gives AV:L and UI:R with no attacker auth (PR:N); memory-corruption RCE in the user context yields full C/I/A impact with unchanged scope.

3.1 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
4.0 AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (adobe).

CVSS VectorVendor: adobe

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Jul 14, 2026 - 21:16 vuln.today
CVE Published
Jul 14, 2026 - 20:07 cve.org
HIGH 7.8

DescriptionCVE.org

After Effects is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

AnalysisAI

Arbitrary code execution in Adobe After Effects arises from an out-of-bounds write (CWE-787) that runs in the context of the current user when a victim opens a maliciously crafted project or media file. Adobe (via advisory APSB26-78) confirms the flaw; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Craft malicious After Effects file
Delivery
Deliver to victim via social engineering
Exploit
Victim opens file in After Effects
Execution
Trigger out-of-bounds write in parser
Persist
Corrupt memory to hijack control flow
Impact
Execute arbitrary code as current user

Vulnerability AssessmentAI

Exploitation Exploitation requires the victim to open an attacker-crafted malicious file in Adobe After Effects - this user interaction (UI:R) is the explicit precondition stated in the CVE. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H = 7.8 High) shows full confidentiality, integrity and availability impact but constrained by a local attack vector and required user interaction - the attacker cannot reach this remotely and must convince a victim to open a malicious file. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker crafts a malicious After Effects project or asset file that triggers the out-of-bounds write and emails or shares it with a motion designer under the guise of a legitimate collaboration or client deliverable. When the victim opens the file in After Effects, the corruption is triggered and arbitrary code executes with that user's privileges. …
Remediation Apply the update referenced in Adobe advisory APSB26-78 (https://helpx.adobe.com/security/products/after_effects/apsb26-78.html) via the Creative Cloud desktop app or Adobe's update mechanism - the exact fixed version number is not included in the provided data and should be taken from that advisory. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: audit all Adobe After Effects installations; restrict project file access to verified internal sources and disable external media auto-loading. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2020-3765 CRITICAL
9.8 Feb 20

Adobe After Effects versions 16.1.2 and earlier have an out-of-bounds write vulnerability. Rated critical severity (CVSS

CVE-2021-28571 HIGH
8.8 Sep 08

Adobe After Effects version 18.1 (and earlier) is affected by a potential Command injection vulnerability when chained w

CVE-2021-28570 HIGH
8.6 Jun 28

Adobe After Effects version 18.1 (and earlier) is affected by an Uncontrolled Search Path element vulnerability. Rated h

CVE-2025-27183 HIGH
7.8 Apr 08

After Effects versions 25.1, 24.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result i

CVE-2025-27182 HIGH
7.8 Apr 08

After Effects versions 25.1, 24.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result i

CVE-2026-34644 HIGH
7.8 May 12

After Effects versions 26.0, 25.6.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that cou

CVE-2026-34643 HIGH
7.8 May 12

After Effects versions 26.0, 25.6.4 and earlier are affected by an out-of-bounds write vulnerability that could result i

CVE-2026-34642 HIGH
7.8 May 12

After Effects versions 26.0, 25.6.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could re

CVE-2026-21325 HIGH
7.8 Feb 10

Arbitrary code execution in Adobe After Effects 25.6 and earlier results from an out-of-bounds read vulnerability trigge

CVE-2026-21324 HIGH
7.8 Feb 10

Code execution in Adobe After Effects 25.6 and earlier through out-of-bounds memory reads when processing malicious file

CVE-2026-21322 HIGH
7.8 Feb 10

Out-of-bounds memory reads in Adobe After Effects 25.6 and earlier enable arbitrary code execution when users open speci

CVE-2026-21351 HIGH
7.8 Feb 10

Arbitrary code execution in Adobe After Effects 25.6 and earlier through a use-after-free memory vulnerability requires

Share

EUVD-2026-44467 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy