Skip to main content

Creative Cloud Desktop

2 CVEs product

Monthly

CVE-2026-48272 HIGH This Week

Local arbitrary code execution in Adobe Creative Cloud Desktop lets a low-privileged user run code in the context of the current user by exploiting an uncontrolled search path (CWE-427) — the class of flaw where an application loads a library or executable from an attacker-influenced directory. Adobe (CVE-2026-48272) rates it CVSS 7.8, but the vector is local with high attack complexity and requires existing low-level privileges, and exploitation depends on conditions beyond the attacker's control. No public exploit identified at time of analysis and it is not listed in CISA KEV, so this is a defense-in-depth patch rather than an emergency.

RCE Creative Cloud Desktop
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-48344 HIGH This Week

Local privilege escalation to arbitrary code execution affects the Adobe Creative Cloud Desktop application through a Time-of-check Time-of-use (TOCTOU) race condition, letting a low-privileged local attacker execute code and - because the CVSS scope is changed - impact resources beyond the initial security context. No user interaction is required, but the race is hard to win: exploitation depends on conditions beyond the attacker's control, reflected in the high attack complexity. At time of analysis there is no public exploit identified and the issue is not listed in CISA KEV.

RCE Creative Cloud Desktop
NVD
CVSS 3.1
7.8
EPSS
0.1%
EPSS 0% CVSS 7.8
HIGH This Week

Local arbitrary code execution in Adobe Creative Cloud Desktop lets a low-privileged user run code in the context of the current user by exploiting an uncontrolled search path (CWE-427) — the class of flaw where an application loads a library or executable from an attacker-influenced directory. Adobe (CVE-2026-48272) rates it CVSS 7.8, but the vector is local with high attack complexity and requires existing low-level privileges, and exploitation depends on conditions beyond the attacker's control. No public exploit identified at time of analysis and it is not listed in CISA KEV, so this is a defense-in-depth patch rather than an emergency.

RCE Creative Cloud Desktop
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Local privilege escalation to arbitrary code execution affects the Adobe Creative Cloud Desktop application through a Time-of-check Time-of-use (TOCTOU) race condition, letting a low-privileged local attacker execute code and - because the CVSS scope is changed - impact resources beyond the initial security context. No user interaction is required, but the race is hard to win: exploitation depends on conditions beyond the attacker's control, reflected in the high attack complexity. At time of analysis there is no public exploit identified and the issue is not listed in CISA KEV.

RCE Creative Cloud Desktop
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy