PT-2026-2776 · Adobe · Illustrator
Jann Horn
·
Published
2026-01-13
·
Updated
2026-02-21
·
CVE-2026-21280
CVSS v3.1
8.6
High
| Vector | AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Illustrator versions 29.8.3 through 30.0
Description
Illustrator versions 29.8.3 through 30.0 are subject to an Untrusted Search Path issue that may lead to arbitrary code execution with the privileges of the current user. This occurs when the application utilizes a search path to locate essential resources. An attacker could manipulate this search path to direct the application to execute a malicious program. Successful exploitation requires user interaction, specifically opening a malicious file.
Recommendations
Illustrator version 30.1 and later should be used.
Illustrator versions prior to 30.1 should not be used.
Fix
Untrusted Search Path
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Illustrator