Cyber Posture

CVE-2026-27269

High

Published: 10 March 2026

Published
10 March 2026
Modified
12 March 2026
KEV Added
Patch
CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0003 8.5th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-27269 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in Adobe Premiere Pro. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 8.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Client Execution (T1203) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Flaw remediation requires timely identification, reporting, and patching of vulnerabilities like CVE-2026-27269 in Adobe Premiere Pro, directly eliminating the out-of-bounds read exploit.

SI-16 Memory Protection good match
prevent

Memory protection safeguards such as ASLR and DEP prevent unauthorized code execution from out-of-bounds reads past allocated structures during file parsing.

SI-3 Malicious Code Protection partial match
preventdetect

Malicious code protection scans crafted files for exploits and blocks resulting arbitrary code execution in the context of the current user.

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution
Adversaries may exploit software vulnerabilities in client applications to execute code.
attack.mitre.org →
T1204.002 Malicious File Execution
An adversary may rely upon a user opening a malicious file in order to gain execution.
attack.mitre.org →
Why these techniques?

Out-of-bounds read in file parser enables arbitrary code execution after user opens crafted malicious file (T1204.002), directly matching client-side exploitation (T1203).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Premiere Pro versions 25.5 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute…

more

code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Deeper analysisAI

CVE-2026-27269 is an out-of-bounds read vulnerability (CWE-125) affecting Adobe Premiere Pro versions 25.5 and earlier. The issue arises when parsing a crafted file, which could result in a read past the end of an allocated memory structure.

An attacker can exploit this vulnerability by tricking a victim into opening a malicious file, requiring user interaction. Successful exploitation allows arbitrary code execution in the context of the current user. The CVSS v3.1 base score is 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), reflecting a high-impact attack vector with low attack complexity, no privileges required, and unchanged scope.

Adobe's security bulletin APSB26-28 addresses this vulnerability and is available at https://helpx.adobe.com/security/products/premiere_pro/apsb26-28.html.

Details

CWE(s)
CWE-125

Affected Products

adobe
premiere pro
≤ 25.6

CVEs Like This One

CVE-2026-27287Same product: Apple Macos
CVE-2026-27289Same product: Apple Macos
CVE-2026-21325Same product: Apple Macos
CVE-2025-27161Same product: Apple Macos
CVE-2026-21322Same product: Apple Macos
CVE-2026-21345Same product: Apple Macos
CVE-2026-27284Same product: Apple Macos
CVE-2026-21343Same product: Apple Macos
CVE-2026-21344Same product: Apple Macos
CVE-2026-21324Same product: Apple Macos

References