Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.8
Adobe InDesign allows malicious files to run code on your computer
CVE-2026-27291
Summary
Adobe InDesign versions 20.5.2 and earlier have a security flaw that lets hackers write malicious code to your computer if you open a bad file. This requires you to open the file yourself, so it's not a way for someone to hack into your computer without your action. Update to a newer version of InDesign to fix this issue.
Original title
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitatio...
Original description
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
nvd CVSS3.1
7.8
Vulnerability type
CWE-787
Out-of-bounds Write
Published: 14 Apr 2026 · Updated: 14 Apr 2026 · First seen: 14 Apr 2026