{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-21313", "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "state": "PUBLISHED", "assignerShortName": "adobe", "dateReserved": "2025-12-12T22:01:18.193Z", "datePublished": "2026-02-10T17:45:13.138Z", "dateUpdated": "2026-02-11T15:19:20.194Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "Audition", "vendor": "Adobe", "versions": [{"lessThanOrEqual": "25.3", "status": "affected", "version": "0", "versionType": "semver"}]}], "datePublic": "2026-02-10T17:00:00.000Z", "descriptions": [{"lang": "en", "value": "Audition versions 25.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.5, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "LOCAL", "modifiedAvailabilityImpact": "NONE", "modifiedConfidentialityImpact": "HIGH", "modifiedIntegrityImpact": "NONE", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "UNCHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 5.5, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-125", "description": "Out-of-bounds Read (CWE-125)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe", "dateUpdated": "2026-02-10T17:45:13.138Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://helpx.adobe.com/security/products/audition/apsb26-14.html"}], "source": {"discovery": "EXTERNAL"}, "title": "Audition | Out-of-bounds Read (CWE-125)"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-11T15:19:08.797426Z", "id": "CVE-2026-21313", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-11T15:19:20.194Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-21313", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-11T15:19:08.797426Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-11T15:19:15.450Z"}}], "cna": {"title": "Audition | Out-of-bounds Read (CWE-125)", "source": {"discovery": "EXTERNAL"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "modifiedScope": "UNCHANGED", "temporalScore": 5.5, "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "temporalSeverity": "MEDIUM", "availabilityImpact": "NONE", "environmentalScore": 5.5, "privilegesRequired": "NONE", "exploitCodeMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "LOCAL", "confidentialityImpact": "HIGH", "environmentalSeverity": "MEDIUM", "availabilityRequirement": "NOT_DEFINED", "modifiedIntegrityImpact": "NONE", "modifiedUserInteraction": "REQUIRED", "modifiedAttackComplexity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAvailabilityImpact": "NONE", "modifiedPrivilegesRequired": "NONE", "modifiedConfidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Adobe", "product": "Audition", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "25.3"}], "defaultStatus": "affected"}], "datePublic": "2026-02-10T17:00:00.000Z", "references": [{"url": "https://helpx.adobe.com/security/products/audition/apsb26-14.html", "tags": ["vendor-advisory"]}], "descriptions": [{"lang": "en", "value": "Audition versions 25.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "Out-of-bounds Read (CWE-125)"}]}], "providerMetadata": {"orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe", "dateUpdated": "2026-02-10T17:45:13.138Z"}}}, "cveMetadata": {"cveId": "CVE-2026-21313", "state": "PUBLISHED", "dateUpdated": "2026-02-11T15:19:20.194Z", "dateReserved": "2025-12-12T22:01:18.193Z", "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "datePublished": "2026-02-10T17:45:13.138Z", "assignerShortName": "adobe"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adobe:audition:*:*:*:*:*:*:*:*", "matchCriteriaId": "D3D84C83-FC42-4BB7-8468-F8063EDF40F4", "versionEndExcluding": "25.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Audition versions 25.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file."}], "id": "CVE-2026-21313", "lastModified": "2026-02-11T15:57:50.340", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "psirt@adobe.com", "type": "Primary"}]}, "published": "2026-02-10T18:16:28.417", "references": [{"source": "psirt@adobe.com", "tags": ["Vendor Advisory"], "url": "https://helpx.adobe.com/security/products/audition/apsb26-14.html"}], "sourceIdentifier": "psirt@adobe.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "psirt@adobe.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,25.3]"}}], "product": "audition", "vendor": "adobe"}], "analysis": {"en": {"generated_at": "2026-04-17T20:42:54.486192+00:00", "value": {"mitigation_remediation": ["Upgrade to Adobe Audition 26.0 or newer to apply the official fix.", "Avoid opening audio files from untrusted or unknown sources.", "Run a reputable antivirus or anti\u2011malware solution to scan media prior to opening."], "summary": {"action": "Patch Audition", "impact": "Sensitive information disclosure via memory exposure"}, "threat_synthesis": {"affected_systems": "Adobe Audition is affected. All builds through version 25.3 are vulnerable; versions 26.0 and later include the fix and are not impacted.", "description_and_impact": "Audition versions 25.3 and earlier contain an out\u2011of\u2011bounds read that allows a maliciously crafted file to reveal data stored in memory. The flaw could disclose confidential information such as passwords, cryptographic keys, or other secrets that reside in the process address space. The vulnerability affects confidentiality and could be used as a precursor to other attacks when the exposed data is valuable to an adversary.", "risk_and_exploitability": "The attack requires user interaction \u2013 a victim must open a malicious audio file. CVSS score of 5.5 indicates moderate risk, and the EPSS score is less than 1\u202f% suggesting a low probability of exploitation. The issue is not listed in the CISA Known Exploited Vulnerabilities catalog, implying no currently known active exploitation. Attack vectors are local and file\u2011based; mitigation involves preventing the execution of unknown files or updating to a patched revision."}}}}, "created": "2026-02-10T21:41:53.855073+00:00", "updated": "2026-04-17T20:45:25.772957+00:00", "vendors": ["adobe", "adobe$PRODUCT$audition"]}