CVE-2026-34707 – Adobe InCopy
CVSS 7.8
IMPORTANT
High with EoP or RCE – Expedited Deployment
“A malicious file can turn a publishing workflow into a code execution risk.”
Adobe patched three High severity vulnerabilities in InCopy versions 21.3, 20.5.3, and earlier. CVE-2026-34706, CVE-2026-34707, and CVE-2026-34708 each have a CVSS score of 7.8, which is High severity.
The vulnerabilities include out-of-bounds write, heap-based buffer overflow, and stack-based buffer overflow issues. Successful exploitation could allow arbitrary code execution in the context of the current user. Exploitation requires user interaction, as a victim must open a malicious file. No verified exploitation, zero-day activity, or public proof-of-concept activity has been confirmed.
Key Details
- Affected Product
- Adobe Incopy
- Attack Vector
- Local
- Attack Complexity
- Low
- Privileges Required
- None
- User Interaction
- Required
- CWE Classification
- CWE-122
Patch this CVE on all your endpoints in under 5 minutes.
First 200 endpoints are free forever, scale as needed.