CVE-2026-21278

CWE-125Out-of-bounds Read4 documents4 sources
Severity
5.5MEDIUM
EPSS
0.0%
top 91.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Adobe IndesignAdobe Indesign Desktop
Timeline
PublishedJan 13

Description

InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5adobe/indesign_desktop19.5.5
NVDadobe/indesign21.021.1+1

🔴Vulnerability Details

2
GHSA
GHSA-93jc-mx98-cgc8: InDesign Desktop versions 212026-01-13
CVEList
InDesign Desktop | Out-of-bounds Read (CWE-125)2026-01-13

🕵️Threat Intelligence

1
Wiz
CVE-2026-21278 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-21278 (MEDIUM CVSS 5.5) | InDesign Desktop versions 21.0 | cvebase.io