Photoshop 27.4 and earlier: Malicious File Can Run Code on Your Computer

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.8

Photoshop 27.4 and earlier: Malicious File Can Run Code on Your Computer

CVE-2026-27289

Summary

Photoshop Desktop versions 27.4 and earlier have a security flaw that can be exploited if you open a specially made file. This could let an attacker run code on your computer with your user permissions. Update to the latest version of Photoshop to fix this issue.

Original title

Original description

Photoshop Desktop versions 27.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

nvd CVSS3.1 7.8

Vulnerability type

CWE-125 Out-of-bounds Read

https://helpx.adobe.com/security/products/photoshop/apsb26-40.html

Published: 14 Apr 2026 · Updated: 14 Apr 2026 · First seen: 14 Apr 2026