{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-21312", "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "state": "PUBLISHED", "assignerShortName": "adobe", "dateReserved": "2025-12-12T22:01:18.192Z", "datePublished": "2026-02-10T17:45:15.153Z", "dateUpdated": "2026-02-26T15:04:07.505Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "Audition", "vendor": "Adobe", "versions": [{"lessThanOrEqual": "25.3", "status": "affected", "version": "0", "versionType": "semver"}]}], "datePublic": "2026-02-10T17:00:00.000Z", "descriptions": [{"lang": "en", "value": "Audition versions 25.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 7.8, "environmentalSeverity": "HIGH", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "LOCAL", "modifiedAvailabilityImpact": "HIGH", "modifiedConfidentialityImpact": "HIGH", "modifiedIntegrityImpact": "HIGH", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "UNCHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 7.8, "temporalSeverity": "HIGH", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-787", "description": "Out-of-bounds Write (CWE-787)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe", "dateUpdated": "2026-02-10T17:45:15.153Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://helpx.adobe.com/security/products/audition/apsb26-14.html"}], "source": {"discovery": "EXTERNAL"}, "title": "Audition | Out-of-bounds Write (CWE-787)"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-21312", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-11T04:56:47.088004Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T15:04:07.505Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-21312", "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "state": "PUBLISHED", "assignerShortName": "adobe", "dateReserved": "2025-12-12T22:01:18.192Z", "datePublished": "2026-02-10T17:45:15.153Z", "dateUpdated": "2026-02-25T15:53:09.206Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "Audition", "vendor": "Adobe", "versions": [{"lessThanOrEqual": "25.3", "status": "affected", "version": "0", "versionType": "semver"}]}], "datePublic": "2026-02-10T17:00:00.000Z", "descriptions": [{"lang": "en", "value": "Audition versions 25.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 7.8, "environmentalSeverity": "HIGH", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "LOCAL", "modifiedAvailabilityImpact": "HIGH", "modifiedConfidentialityImpact": "HIGH", "modifiedIntegrityImpact": "HIGH", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "UNCHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 7.8, "temporalSeverity": "HIGH", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-787", "description": "Out-of-bounds Write (CWE-787)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe", "dateUpdated": "2026-02-10T17:45:15.153Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://helpx.adobe.com/security/products/audition/apsb26-14.html"}], "source": {"discovery": "EXTERNAL"}, "title": "Audition | Out-of-bounds Write (CWE-787)"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-21312", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-11T04:56:47.088004Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-25T15:43:50.455Z"}, "title": "CISA ADP Vulnrichment"}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adobe:audition:*:*:*:*:*:*:*:*", "matchCriteriaId": "D3D84C83-FC42-4BB7-8468-F8063EDF40F4", "versionEndExcluding": "25.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Audition versions 25.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."}], "id": "CVE-2026-21312", "lastModified": "2026-02-11T15:57:42.060", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "psirt@adobe.com", "type": "Primary"}]}, "published": "2026-02-10T18:16:28.257", "references": [{"source": "psirt@adobe.com", "tags": ["Vendor Advisory"], "url": "https://helpx.adobe.com/security/products/audition/apsb26-14.html"}], "sourceIdentifier": "psirt@adobe.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "psirt@adobe.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,25.3]"}}], "product": "audition", "vendor": "adobe"}], "analysis": {"en": {"generated_at": "2026-04-18T12:49:44.493681+00:00", "value": {"mitigation_remediation": ["Apply the Adobe Audition security update that corrects the out\u2011of\u2011bounds write flaw, according to the official Adobe advisory.", "Until the patch is installed, avoid opening media files from untrusted or unknown sources and disable any automatic preview features if available.", "Maintain an up\u2011to\u2011date antivirus or antimalware solution that scans all files before they are processed by Audition, and keep the operating system and Adobe software regularly updated."], "summary": {"action": "Patch Now", "impact": "Arbitrary code execution"}, "threat_synthesis": {"affected_systems": "The vulnerability impacts Adobe Audition from the Adobe suite. Specifically, all releases up to and including version 25.3 are affected. No other products or versions are mentioned as impacted.", "description_and_impact": "Adobe Audition versions 25.3 and earlier contain an out\u2011of\u2011bounds write that can be triggered by a malicious file. The flaw allows an attacker to write to memory locations beyond the bounds of a buffer, potentially leading to the execution of arbitrary code in the context of the user who opens the file. The severity of the vulnerability, as reflected in a CVSS score of 7.8, underscores that any successful exploitation could compromise the integrity of the affected system.", "risk_and_exploitability": "Despite the low exploitation probability, the flaw allows code execution with the privileges of the logged\u2011in user. An attacker who successfully delivers a malicious media file could gain control over the system, potentially leading to data theft, ransomware deployment, or lateral movement. The lack of a public exploitation instance provides some breathing space, but the presence of a high CVSS score and the widespread use of Audition mean that administrators should treat the vulnerability as a high\u2011priority issue until a patch is applied."}}}}, "created": "2026-02-10T21:33:49.739411+00:00", "updated": "2026-04-18T13:00:08.725584+00:00", "vendors": ["adobe", "adobe$PRODUCT$audition"]}