Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.8
InDesign: Opening a malicious file can run bad code on your computer
CVE-2026-27283
Summary
If you use InDesign Desktop versions 20.5.2 or earlier, opening a malicious file could let an attacker run code on your computer with your user permissions. This could potentially lead to unauthorized changes or data theft. Update to the latest version of InDesign to fix this issue.
Original title
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of t...
Original description
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
nvd CVSS3.1
7.8
Vulnerability type
CWE-416
Use After Free
Published: 14 Apr 2026 · Updated: 14 Apr 2026 · First seen: 14 Apr 2026