Cyber Posture

CVE-2026-22882

MediumPublic PoC

Published: 17 March 2026

Published
17 March 2026
Modified
19 March 2026
KEV Added
Patch
CVSS Score 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L
EPSS Score 0.0001 2.5th percentile
Risk Priority 12 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-22882 is a medium-severity Out-of-bounds Read (CWE-125) vulnerability in Canva Affinity. Its CVSS base score is 6.1 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious File (T1204.002); ranked at the 2.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Malicious File (T1204.002). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Directly mitigates the CVE by requiring timely remediation of the out-of-bounds read flaw in Canva Affinity's EMF parser through patches or updates.

SI-10 Information Input Validation good match
prevent

Requires validation of EMF file inputs to detect and reject specially crafted malformed files that trigger the out-of-bounds read.

SI-16 Memory Protection partial match
prevent

Implements runtime memory protections that limit the scope and impact of out-of-bounds reads, reducing potential sensitive information disclosure.

MITRE ATT&CK Enterprise TechniquesAI

T1204.002 Malicious File Execution
An adversary may rely upon a user opening a malicious file in order to gain execution.
attack.mitre.org →
Why these techniques?

OOB read triggered by opening crafted local EMF file directly maps to malicious file user execution for info disclosure.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.

Deeper analysisAI

CVE-2026-22882 is an out-of-bounds read vulnerability (CWE-125) in the EMF functionality of Canva Affinity. Published on 2026-03-17, it can be exploited by processing a specially crafted EMF file, potentially leading to the disclosure of sensitive information. The vulnerability carries a CVSS v3.1 base score of 6.1 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L).

An attacker with local access can exploit this vulnerability by tricking a user into opening a malicious EMF file through Canva Affinity, requiring no privileges but relying on user interaction. Successful exploitation enables an out-of-bounds read, achieving high-impact confidentiality loss such as sensitive data disclosure, with no integrity impact and only low availability disruption.

Advisories from Talos Intelligence (TALOS-2025-2325) and Canva's trust center provide additional details on the vulnerability, including potential mitigation guidance.

Details

CWE(s)
CWE-125

Affected Products

canva
affinity
≤ 3.1.0

CVEs Like This One

CVE-2025-64735Same product: Canva Affinity
CVE-2025-65119Same product: Canva Affinity
CVE-2025-62500Same product: Canva Affinity
CVE-2025-62403Same product: Canva Affinity
CVE-2026-20726Same product: Canva Affinity
CVE-2025-61979Same product: Canva Affinity
CVE-2025-66503Same product: Canva Affinity
CVE-2025-64733Same product: Canva Affinity
CVE-2025-66617Same product: Canva Affinity
CVE-2025-58427Same product: Canva Affinity

References