Cyber Posture

CVE-2026-27297

High

Published: 14 April 2026

Published
14 April 2026
Modified
15 April 2026
KEV Added
Patch
CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0003 7.7th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-27297 is a high-severity Wrap or Wraparound (CWE-191) vulnerability in Adobe Framemaker. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 7.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Client Execution (T1203) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Timely application of vendor patches for the integer underflow vulnerability in Adobe Framemaker directly prevents arbitrary code execution upon opening malicious files.

SI-16 Memory Protection partial match
prevent

Memory protections such as DEP and ASLR mitigate the impact of arbitrary code execution resulting from the integer underflow wraparound in Framemaker.

SI-3 Malicious Code Protection partial match
preventdetect

Malicious code protection mechanisms scan and block malicious Framemaker files exploiting this vulnerability before user interaction.

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution
Adversaries may exploit software vulnerabilities in client applications to execute code.
attack.mitre.org →
T1204.002 Malicious File Execution
An adversary may rely upon a user opening a malicious file in order to gain execution.
attack.mitre.org →
Why these techniques?

Integer underflow in desktop app leads to arbitrary code execution triggered by opening malicious file (user interaction required), directly enabling client-side exploitation and malicious file execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Adobe Framemaker versions 2022.8 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a…

more

victim must open a malicious file.

Deeper analysisAI

CVE-2026-27297 is an Integer Underflow (Wrap or Wraparound) vulnerability, classified as CWE-191, affecting Adobe Framemaker versions 2022.8 and earlier. The flaw resides in the software and could result in arbitrary code execution in the context of the current user.

Exploitation requires user interaction, specifically a victim opening a malicious file. An attacker with local access (AV:L), no privileges (PR:N), and low attack complexity (AC:L) can leverage this to achieve high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H), with a CVSS v3.1 base score of 7.8 (S:U). The vulnerability was published on 2026-04-14T23:16:26.770.

Adobe's security advisory provides details on mitigation, available at https://helpx.adobe.com/security/products/framemaker/apsb26-36.html.

Details

CWE(s)
CWE-191

Affected Products

adobe
framemaker
≤ 2022.9

CVEs Like This One

CVE-2026-27296Same product: Adobe Framemaker
CVE-2026-27295Same product: Adobe Framemaker
CVE-2026-27298Same product: Adobe Framemaker
CVE-2026-27293Same product: Adobe Framemaker
CVE-2026-27292Same product: Adobe Framemaker
CVE-2026-27294Same product: Adobe Framemaker
CVE-2025-21135Same product: Microsoft Windows
CVE-2025-21156Same product: Microsoft Windows
CVE-2026-27290Same product: Adobe Framemaker
CVE-2025-21158Same product: Microsoft Windows

References