Adobe InDesign: Open malicious file to execute code as the user

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.8

Adobe InDesign: Open malicious file to execute code as the user

CVE-2026-27284

Summary

Adobe InDesign versions 20.5.2 and earlier are at risk if a user opens a specially crafted file. This could allow an attacker to run malicious code on the user's computer. To protect yourself, make sure you're running the latest version of InDesign.

Original title

Original description

InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

nvd CVSS3.1 7.8

Vulnerability type

CWE-125 Out-of-bounds Read

https://helpx.adobe.com/security/products/indesign/apsb26-32.html

Published: 14 Apr 2026 · Updated: 14 Apr 2026 · First seen: 14 Apr 2026