{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-27301", "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "state": "PUBLISHED", "assignerShortName": "adobe", "dateReserved": "2026-02-18T22:02:41.399Z", "datePublished": "2026-04-14T22:58:13.588Z", "dateUpdated": "2026-04-15T17:30:38.862Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "Adobe Framemaker", "vendor": "Adobe", "versions": [{"lessThanOrEqual": "2022.8", "status": "affected", "version": "0", "versionType": "semver"}]}], "datePublic": "2026-04-14T17:00:00.000Z", "descriptions": [{"lang": "en", "value": "Adobe Framemaker versions 2022.8 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.5, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "LOCAL", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "HIGH", "modifiedIntegrityImpact": "NONE", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "UNCHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 5.5, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-122", "description": "Heap-based Buffer Overflow (CWE-122)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe", "dateUpdated": "2026-04-14T22:58:13.588Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://helpx.adobe.com/security/products/framemaker/apsb26-36.html"}], "source": {"discovery": "EXTERNAL"}, "title": "Adobe Framemaker | Heap-based Buffer Overflow (CWE-122)"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-15T17:29:48.371098Z", "id": "CVE-2026-27301", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-15T17:30:38.862Z"}}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adobe:framemaker:*:*:*:*:*:*:*:*", "matchCriteriaId": "6943B816-3A7D-47BF-9E01-DF86C9332C19", "versionEndExcluding": "2022.9", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Adobe Framemaker versions 2022.8 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file."}], "id": "CVE-2026-27301", "lastModified": "2026-04-15T17:33:11.257", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "psirt@adobe.com", "type": "Primary"}]}, "published": "2026-04-14T23:16:27.397", "references": [{"source": "psirt@adobe.com", "tags": ["Vendor Advisory"], "url": "https://helpx.adobe.com/security/products/framemaker/apsb26-36.html"}], "sourceIdentifier": "psirt@adobe.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-122"}], "source": "psirt@adobe.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,2022.8]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "Adobe Framemaker", "source": "cna", "vendor": "Adobe"}, "product": "framemaker", "vendor": "adobe"}], "analysis": {"en": {"generated_at": "2026-04-15T00:23:45.661996+00:00", "value": {"mitigation_remediation": ["Check Adobe\u2019s security advisories for any available update to Adobe Framemaker and install it promptly", "If no patch is available, restrict users from opening unknown or untrusted files that were not formatted in a timely manner", "Consider disabling or removing the affected Framemaker application until a vendor fix is released, or downgrade to a version that is not vulnerable"], "summary": {"action": "Apply Patch", "impact": "Memory exposure (information disclosure)"}, "threat_synthesis": {"affected_systems": "Adobe Framemaker products released in 2022.8 or earlier are affected. All users of these versions should verify whether they have the vulnerable release.", "description_and_impact": "A heap-based buffer overflow in Adobe Framemaker versions 2022.8 and earlier can cause memory contents to be exposed, allowing an attacker to read sensitive data stored in memory. This weakness is identified as CWE\u2011122 and does not provide a direct path to arbitrary code execution but can leak confidential information if exploited.", "risk_and_exploitability": "The vulnerability has a CVSS score of 5.5, indicating moderate severity, and no EPSS value is available. It is not listed in the CISA KEV catalog. Exploitation requires user interaction; a victim must open a malicious file, suggesting the attack vector is typically local or remote via file sharing. Because of the need for user action, the immediate risk is lower compared to remote exploits, but uncontrolled disclosure of memory data remains a concern if the file is run."}}}}, "created": "2026-04-15T14:31:57.019932+00:00", "updated": "2026-04-15T14:53:47.721671+00:00", "vendors": ["adobe", "adobe$PRODUCT$framemaker"]}