CVE-2026-34706 – Adobe InCopy

CVSS 7.8 IMPORTANT High with EoP or RCE – Expedited Deployment

“A malicious file can turn a publishing workflow into a code execution risk.”

Adobe patched three High severity vulnerabilities in InCopy versions 21.3, 20.5.3, and earlier. CVE-2026-34706, CVE-2026-34707, and CVE-2026-34708 each have a CVSS score of 7.8, which is High severity.

The vulnerabilities include out-of-bounds write, heap-based buffer overflow, and stack-based buffer overflow issues. Successful exploitation could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction, as a victim must open a malicious file. No verified exploitation, zero-day activity, or public proof-of-concept activity has been confirmed.

Key Details

Affected Product
Adobe Incopy
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
CWE Classification
CWE-787
Patch this CVE on all your endpoints in under 5 minutes. First 200 endpoints are free forever, scale as needed.