CVE-2026-27299

low-risk

Published 2026-04-14

Adobe Framemaker versions 2022.8 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An attacker could leverage this vulnerability to access sensitive files or data on the system. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Do I need to act?

0.05% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.3/10 Medium

LOCAL / LOW complexity

Affected Products (1)

Framemaker

Affected Vendors

Adobe

References (1)

Vendor Advisory https://helpx.adobe.com/security/products/framemaker/apsb26-36.html

/ 100

low-risk

Severity 20/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal