Skip to main content

Adobe Bridge EUVDEUVD-2026-44497

| CVE-2026-48311 HIGH
Out-of-bounds Write (CWE-787)
2026-07-14 adobe GHSA-35r6-wcp2-v9mw
7.8
CVSS 3.1 · Vendor: adobe
Share

Severity by source

Vendor (adobe) PRIMARY
7.8 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
vuln.today AI
7.8 HIGH

File must be opened locally by the user so AV:L and UI:R; no prior privileges needed (PR:N), and memory-corruption RCE yields full C/I/A impact within the user's context (S:U).

3.1 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
4.0 AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (adobe).

CVSS VectorVendor: adobe

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Jul 14, 2026 - 21:45 vuln.today
CVE Published
Jul 14, 2026 - 20:35 nvd
HIGH 7.8

DescriptionCVE.org

Bridge is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

AnalysisAI

Arbitrary code execution in Adobe Bridge results from an out-of-bounds write (CWE-787) that a victim triggers by opening a malicious file, running attacker-supplied code with the privileges of the current user. The flaw is local (AV:L) and requires user interaction, so it is a client-side, file-borne bug rather than a remotely reachable service vulnerability. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Craft malicious asset file
Delivery
Deliver via email or shared asset pack
Exploit
Victim opens file in Adobe Bridge
Execution
Trigger out-of-bounds write during parsing
Persist
Corrupt memory and hijack control flow
Impact
Execute arbitrary code as current user

Vulnerability AssessmentAI

Exploitation Exploitation requires the victim to open a malicious, attacker-crafted file in Adobe Bridge (UI:R in the CVSS vector) - the code executes only in the context of that current user, with no privilege escalation across a scope boundary (S:U). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 base score is 7.8 (High) with vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H - local attack vector, low complexity, no privileges, but user interaction required, with full confidentiality, integrity, and availability impact and no scope change. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker crafts a malicious asset file (for example an image or media file) that triggers the out-of-bounds write when parsed by Adobe Bridge, and delivers it via email, a shared drive, or a downloaded asset pack. A designer opens or previews the file in Bridge, the corrupted memory write hijacks execution, and attacker code runs with that user's privileges. …
Remediation Patch available per vendor advisory: update Adobe Bridge to the fixed release documented in Adobe Security Bulletin APSB26-81 (https://helpx.adobe.com/security/products/bridge/apsb26-81.html); apply the update through the Creative Cloud desktop app or Adobe's update channel and confirm the exact patched build number from that advisory, as the input data does not include an explicit fix version. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: inventory all Adobe Bridge installations and confirm patch deployment readiness; within 7 days: apply security update per advisory APSB26-81 to all affected Bridge instances, prioritizing systems that handle external files; within 30 days: conduct user awareness training on file-based malware risks and validate patch compliance across the environment.

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-44497 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy