PT-2026-2773 · Adobe · Indesign Desktop
Jann Horn
·
Published
2026-01-13
·
Updated
2026-01-13
·
CVE-2026-21276
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
InDesign Desktop versions 19.5.5 and earlier
InDesign Desktop version 21.0
Description
InDesign Desktop versions 19.5.5 and 21.0 are susceptible to an Access of Uninitialized Pointer issue. Successful exploitation of this issue could lead to arbitrary code execution with the privileges of the current user. User interaction is required, specifically, a user must open a malicious file for exploitation to occur.
Recommendations
Update InDesign Desktop to a version later than 21.0.
Update InDesign Desktop to a version later than 19.5.5.
Fix
Access of Uninitialized Pointer
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Indesign Desktop