Cyber Resilience

CVE-2026-27287

High

Published: 14 April 2026

Modified: 15 April 2026
KEV Added
Patch
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0001 (3.1th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-27287 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in Adobe InCopy. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE is ranked at the 3.1th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-27287 is an out-of-bounds read vulnerability (CWE-125) affecting Adobe InCopy versions 20.5.2, 21.2, and earlier. The flaw arises during the parsing of a crafted file, which can cause a read past the end of an allocated memory structure. Published on 2026-04-14, it has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), rated as high severity.

Exploitation requires an attacker to deliver a malicious file to a victim, who must then open it with the affected InCopy version. This requires user interaction and local access but no privileges. Low attack complexity means remote attackers can craft such files and distribute them via email, shared drives, or other vectors. Successful exploitation allows arbitrary code execution in the context of the current user, potentially leading to full system compromise, with high impact on confidentiality, integrity, and availability.

Adobe Security Bulletin APSB26-33 provides details on mitigations and patches, available at https://helpx.adobe.com/security/products/incopy/apsb26-33.html.

Vulnerability details

InCopy versions 20.5.2, 21.2 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1203 Exploitation for Client Execution (tactic: Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.

T1204.002 Malicious File (tactic: Execution)
An adversary may rely upon a user opening a malicious file in order to gain execution.

Why these techniques?

The out-of-bounds read in the file parser directly enables T1203 (Exploitation for Client Execution) for arbitrary code execution; delivery of the crafted file and the user's action of opening it map to T1204.002 (Malicious File).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-21281 (Same product: Adobe InCopy)
CVE-2026-34631 (Same product: Adobe InCopy)
CVE-2026-27269 (Same product: Apple macOS)
CVE-2026-21325 (Same product: Apple macOS)
CVE-2025-21156 (Same product: Adobe InCopy)
CVE-2025-27161 (Same product: Apple macOS)
CVE-2026-21324 (Same product: Apple macOS)
CVE-2026-27284 (Same product: Apple macOS)
CVE-2026-21344 (Same product: Apple macOS)
CVE-2026-21343 (Same product: Apple macOS)

Affected Assets

adobe
incopy
≤ 20.5.3 · 21.0 — 21.3

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

prevent

Directly mitigates the out-of-bounds read vulnerability by requiring timely remediation through application of Adobe patches for affected InCopy versions.

prevent

Implements memory protections like ASLR, DEP, and stack guards that prevent exploitation of the out-of-bounds read for arbitrary code execution.

prevent · detect

Deploys malicious code protection mechanisms to scan and block crafted malicious files targeting the InCopy parsing vulnerability before execution.
