Cyber Posture

CVE-2026-27293

High

Published: 14 April 2026

Published
14 April 2026
Modified
15 April 2026
KEV Added
Patch
CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0003 7.7th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-27293 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Adobe Framemaker. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 7.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Client Execution (T1203) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Directly remediates the heap-based buffer overflow vulnerability in Adobe FrameMaker by identifying, reporting, and applying vendor-provided patches in a timely manner.

SI-16 Memory Protection good match
prevent

Implements memory protections such as address space layout randomization (ASLR) and data execution prevention (DEP) that mitigate heap buffer overflow exploits preventing arbitrary code execution.

SI-3 Malicious Code Protection partial match
preventdetect

Deploys malicious code protection mechanisms with real-time scanning to detect and block malicious files crafted to trigger the buffer overflow upon opening in FrameMaker.

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution
Adversaries may exploit software vulnerabilities in client applications to execute code.
attack.mitre.org →
T1204.002 Malicious File Execution
An adversary may rely upon a user opening a malicious file in order to gain execution.
attack.mitre.org →
Why these techniques?

Heap overflow in file parsing directly enables client-side RCE (T1203) when a user opens a crafted malicious file (T1204.002).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Adobe Framemaker versions 2022.8 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must…

more

open a malicious file.

Deeper analysisAI

CVE-2026-27293 is a heap-based buffer overflow vulnerability (CWE-122) affecting Adobe FrameMaker versions 2022.8 and earlier. The issue resides in the software's handling of certain files, potentially leading to arbitrary code execution in the context of the current user.

Exploitation requires local access (AV:L) and user interaction (UI:R), with low attack complexity (AC:L) and no privileges needed (PR:N). An attacker can craft a malicious file that, when opened by a victim using a vulnerable version of FrameMaker, triggers the buffer overflow and achieves arbitrary code execution with the current user's privileges, resulting in high confidentiality, integrity, and availability impacts (C:H/I:H/A:H). The CVSS v3.1 base score is 7.8.

Adobe has published Security Bulletin APSB26-36 with details on the vulnerability at https://helpx.adobe.com/security/products/framemaker/apsb26-36.html.

Details

CWE(s)
CWE-122

Affected Products

adobe
framemaker
≤ 2022.9

CVEs Like This One

CVE-2026-27295Same product: Adobe Framemaker
CVE-2026-27296Same product: Adobe Framemaker
CVE-2026-27297Same product: Adobe Framemaker
CVE-2026-27298Same product: Adobe Framemaker
CVE-2026-27292Same product: Adobe Framemaker
CVE-2026-27271Same product: Microsoft Windows
CVE-2026-27294Same product: Adobe Framemaker
CVE-2026-27290Same product: Adobe Framemaker
CVE-2026-27238Same product: Microsoft Windows
CVE-2026-27310Same product: Microsoft Windows

References