CVE-2026-27296
Published: 14 April 2026
Summary
CVE-2026-27296 is a high-severity Wrap or Wraparound (CWE-191) vulnerability in Adobe Framemaker. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 7.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates the integer underflow vulnerability by requiring identification, reporting, and timely remediation through patching as addressed in Adobe Security Bulletin APSB26-36.
Implements memory protections like ASLR, DEP, and stack canaries that prevent arbitrary code execution from integer underflow exploits in FrameMaker.
Deploys malicious code protection mechanisms such as antivirus scanning to block or detect malicious FrameMaker files crafted to exploit the integer underflow.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Integer underflow in client-side desktop app (FrameMaker) enables arbitrary code execution triggered by opening a malicious local file, directly mapping to T1203 (Exploitation for Client Execution) and T1204.002 (User Execution: Malicious File).
NVD Description
Adobe Framemaker versions 2022.8 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a…
more
victim must open a malicious file.
Deeper analysisAI
CVE-2026-27296 is an Integer Underflow (Wrap or Wraparound) vulnerability, mapped to CWE-191, affecting Adobe FrameMaker versions 2022.8 and earlier. Published on 2026-04-14, the flaw resides in the software's handling of certain inputs, potentially leading to arbitrary code execution in the context of the current user.
The vulnerability has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating it requires local access, low attack complexity, no privileges, and user interaction via opening a malicious file. An attacker who can convince a victim to open such a file on a local system can achieve high-impact arbitrary code execution, compromising confidentiality, integrity, and availability within the user's privileges.
Adobe has issued Security Bulletin APSB26-36 addressing this issue, available at https://helpx.adobe.com/security/products/framemaker/apsb26-36.html.
Details
- CWE(s)