CVE-2026-27290Untrusted Search Path in Adobe Framemaker

CWE-426Untrusted Search Path3 documents3 sources
Severity
8.6HIGHNVD
EPSS
0.0%
top 93.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Adobe Framemaker
Timeline
PublishedApr 14
Latest updateApr 15

Description

Adobe Framemaker versions 2022.8 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute arbitrary code in the context of the current user. If the application uses a search path to locate critical resources such as programs, then an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. Exploitation of this issue does not require user interaction.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:HExploitability: 1.8 | Impact: 6.0

Affected Packages1 packages

CVEListV5adobe/adobe_framemaker2022.8

🔴Vulnerability Details

2
GHSA
GHSA-9qfg-pjw2-8grg: Adobe Framemaker versions 20222026-04-15
CVEList
Adobe Framemaker | Untrusted Search Path (CWE-426)2026-04-14
CVE-2026-27290 — Untrusted Search Path in Adobe | cvebase