CVE-2026-34632
Published: 15 April 2026
Summary
CVE-2026-34632 is a high-severity Uncontrolled Search Path Element (CWE-427) vulnerability in the Adobe Photoshop Installer. Its CVSS base score is 8.2 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Path Interception by Search Order Hijacking (T1574.008). The CVE ranks at the 0.7th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- Directly mitigates the uncontrolled search path vulnerability by identifying, reporting, and correcting the flaw in the Adobe Photoshop Installer through timely patching.
- Enforces secure configuration settings for DLL search order and PATH environment variables, such as enabling Safe DLL Search Mode, to prevent loading of malicious code from manipulated paths.
- Deploys malicious code protection mechanisms to scan and block execution of unauthorized DLLs placed by a low-privileged attacker in searched paths during installer execution.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability is an uncontrolled search path element (CWE-427) in the Adobe Photoshop Installer that allows manipulation of the search path for critical resources to achieve arbitrary code execution; this directly maps to path interception by search order hijacking.
NVD Description
Adobe Photoshop Installer was affected by an Uncontrolled Search Path Element vulnerability that could have resulted in arbitrary code execution in the context of the current user. A low-privileged local attacker could have exploited this vulnerability by manipulating the search path used by the application to locate critical resources, potentially causing unauthorized code execution. Exploitation of this issue required user interaction in that a user had to be running the installer.
Deeper analysis
CVE-2026-34632 is an Uncontrolled Search Path Element vulnerability (CWE-427) affecting the Adobe Photoshop Installer. This flaw allows arbitrary code execution in the context of the current user by enabling manipulation of the search path the application uses to locate critical resources. The vulnerability carries a CVSS v3.1 base score of 8.2 (AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H) and was published on 2026-04-15.
Exploitation requires user interaction: a low-privileged local attacker can exploit this issue only when a user runs the installer. By manipulating the search path, the attacker can cause the application to execute unauthorized code, potentially leading to full compromise of the user's session, with high confidentiality, integrity, and availability impacts and a changed scope (S:C).
For mitigation details, refer to the CWE-427 definition at https://cwe.mitre.org/data/definitions/427.html and the Talos Intelligence advisory TALOS-2025-2274 at https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2274.
Details
- CWE(s)