Adobe InCopy versions 20.5.2 and earlier: Malicious File Can Execute Code as You

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.8

Adobe InCopy versions 20.5.2 and earlier: Malicious File Can Execute Code as You

CVE-2026-27287

Summary

Adobe InCopy versions 20.5.2 and earlier have a security issue that could allow a malicious file to run code on your system if you open it. This could happen if you unknowingly open a file that was sent to you by someone trying to take control of your computer. To stay safe, update your InCopy software to the latest version.

Original title

Original description

InCopy versions 20.5.2, 21.2 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

nvd CVSS3.1 7.8

Vulnerability type

CWE-125 Out-of-bounds Read

https://helpx.adobe.com/security/products/incopy/apsb26-33.html

Published: 14 Apr 2026 · Updated: 14 Apr 2026 · First seen: 14 Apr 2026