{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-21346", "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "state": "PUBLISHED", "assignerShortName": "adobe", "dateReserved": "2025-12-12T22:01:18.201Z", "datePublished": "2026-02-10T18:24:38.877Z", "dateUpdated": "2026-02-26T14:44:30.157Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "Bridge", "vendor": "Adobe", "versions": [{"lessThanOrEqual": "16.0.1", "status": "affected", "version": "0", "versionType": "semver"}]}], "datePublic": "2026-02-10T17:00:00.000Z", "descriptions": [{"lang": "en", "value": "Bridge versions 15.1.3, 16.0.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 7.8, "environmentalSeverity": "HIGH", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "LOCAL", "modifiedAvailabilityImpact": "HIGH", "modifiedConfidentialityImpact": "HIGH", "modifiedIntegrityImpact": "HIGH", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "UNCHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 7.8, "temporalSeverity": "HIGH", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-787", "description": "Out-of-bounds Write (CWE-787)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe", "dateUpdated": "2026-02-10T18:24:38.877Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://helpx.adobe.com/security/products/bridge/apsb26-21.html"}], "source": {"discovery": "EXTERNAL"}, "title": "Bridge | Out-of-bounds Write (CWE-787)"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-21346", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-11T04:56:30.699106Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T14:44:30.157Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-21346", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-11T04:56:30.699106Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-10T18:47:41.447Z"}}], "cna": {"title": "Bridge | Out-of-bounds Write (CWE-787)", "source": {"discovery": "EXTERNAL"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "modifiedScope": "UNCHANGED", "temporalScore": 7.8, "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "temporalSeverity": "HIGH", "availabilityImpact": "HIGH", "environmentalScore": 7.8, "privilegesRequired": "NONE", "exploitCodeMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "LOCAL", "confidentialityImpact": "HIGH", "environmentalSeverity": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedIntegrityImpact": "HIGH", "modifiedUserInteraction": "REQUIRED", "modifiedAttackComplexity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAvailabilityImpact": "HIGH", "modifiedPrivilegesRequired": "NONE", "modifiedConfidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Adobe", "product": "Bridge", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "16.0.1"}], "defaultStatus": "affected"}], "datePublic": "2026-02-10T17:00:00.000Z", "references": [{"url": "https://helpx.adobe.com/security/products/bridge/apsb26-21.html", "tags": ["vendor-advisory"]}], "descriptions": [{"lang": "en", "value": "Bridge versions 15.1.3, 16.0.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "Out-of-bounds Write (CWE-787)"}]}], "providerMetadata": {"orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe", "dateUpdated": "2026-02-10T18:24:38.877Z"}}}, "cveMetadata": {"cveId": "CVE-2026-21346", "state": "PUBLISHED", "dateUpdated": "2026-02-26T14:44:30.157Z", "dateReserved": "2025-12-12T22:01:18.201Z", "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "datePublished": "2026-02-10T18:24:38.877Z", "assignerShortName": "adobe"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adobe:bridge:*:*:*:*:*:*:*:*", "matchCriteriaId": "04D9B9D5-6B63-4ECB-8971-7ADB6853D4E2", "versionEndExcluding": "15.1.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:bridge:*:*:*:*:*:*:*:*", "matchCriteriaId": "0A25A3B1-8324-4C2B-9583-A6A8CC88CA3A", "versionEndExcluding": "16.0.2", "versionStartIncluding": "16.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Bridge versions 15.1.3, 16.0.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."}], "id": "CVE-2026-21346", "lastModified": "2026-02-11T17:15:14.187", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "psirt@adobe.com", "type": "Primary"}]}, "published": "2026-02-10T19:15:57.657", "references": [{"source": "psirt@adobe.com", "tags": ["Vendor Advisory"], "url": "https://helpx.adobe.com/security/products/bridge/apsb26-21.html"}], "sourceIdentifier": "psirt@adobe.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "psirt@adobe.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,16.0.1]"}}], "product": "bridge", "vendor": "adobe"}], "analysis": {"en": {"generated_at": "2026-04-18T18:12:18.730449+00:00", "value": {"mitigation_remediation": ["Install the latest Adobe Bridge update (17 or later) to apply the out-of-bounds write fix.", "If an update cannot be applied immediately, block Adobe Bridge from automatically opening unknown or untrusted file types by removing file type associations or disabling preview features in the operating system or within Bridge.", "Provide user training to verify the legitimacy of files before opening them and encourage the use of email attachment scanning and endpoint protection to prevent delivery of malicious files."], "summary": {"action": "Patch", "impact": "Arbitrary code execution"}, "threat_synthesis": {"affected_systems": "The affected product is Adobe Bridge operating on macOS and Windows. Vulnerable releases are 15.1.3, 16.0.1 and earlier; based on the description, it is inferred that newer Bridge releases are not impacted.", "description_and_impact": "Adobe Bridge versions 15.1.3, 16.0.1 and earlier contain an out-of-bounds write that corrupts memory while parsing a file, giving an attacker the ability to execute arbitrary code in the context of the current user. The vulnerability is a classic memory corruption flaw (CWE-787) that can compromise confidentiality, integrity and availability of the affected system.", "risk_and_exploitability": "The CVSS score is 7.8, indicating high severity. The EPSS score is less than 1\u202f%, suggesting a low probability of active exploitation, and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires a victim to open a malicious file\u2014typically delivered via email attachment, download or other file-transfer mechanisms. Successful exploitation grants the attacker arbitrary code execution as the current user."}}}}, "created": "2026-02-10T21:33:26.448168+00:00", "updated": "2026-04-18T18:15:06.618048+00:00", "vendors": ["adobe", "adobe$PRODUCT$bridge"]}