Cyber Resilience

CVE-2026-34687

High

Published: 12 May 2026

Published
12 May 2026
Modified
12 May 2026
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0003 8.1th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-34687 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Adobe Illustrator. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious File (T1204.002); ranked at the 8.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

Illustrator versions 29.8.6, 30.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must…

more

open a malicious file.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1204.002 Malicious File Execution
An adversary may rely upon a user opening a malicious file in order to gain execution.
Why these techniques?

Heap buffer overflow enables arbitrary code execution triggered by opening a malicious file, directly mapping to user execution of malicious file.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-34630Same product: Apple Macos
CVE-2025-21160Same product: Adobe Illustrator
CVE-2026-34618Same product: Adobe Illustrator
CVE-2025-27168Same product: Adobe Illustrator
CVE-2026-27238Same product: Apple Macos
CVE-2025-27169Same product: Adobe Illustrator
CVE-2026-27310Same product: Apple Macos
CVE-2025-21159Same product: Adobe Illustrator
CVE-2025-21163Same product: Adobe Illustrator
CVE-2026-27312Same product: Apple Macos

Affected Assets

adobe
illustrator
29.0 — 29.8.7 · 30.0 — 30.4

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References