{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-22882", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "state": "PUBLISHED", "assignerShortName": "talos", "dateReserved": "2026-01-14T15:54:58.484Z", "datePublished": "2026-03-17T18:52:25.119Z", "dateUpdated": "2026-03-18T17:00:25.597Z"}, "containers": {"cna": {"affected": [{"vendor": "Canva", "product": "Affinity", "versions": [{"version": "3.0.1.3808", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-125: Out-of-bounds Read", "type": "CWE", "cweId": "CWE-125"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "LOW", "baseScore": 6.1, "baseSeverity": "MEDIUM"}}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2026-03-18T17:00:25.597Z"}, "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2325", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2325"}, {"url": "https://trust.canva.com/?tcuUid=1f728b0d-17f3-4c9c-97e9-6662b769eb62", "name": "https://trust.canva.com/?tcuUid=1f728b0d-17f3-4c9c-97e9-6662b769eb62"}], "credits": [{"lang": "en", "value": "Discovered by KPC of Cisco Talos."}]}, "adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2325"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-03-17T20:11:39.506Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-18T14:54:34.412719Z", "id": "CVE-2026-22882", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-18T14:54:52.087Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2325"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-03-17T20:11:39.506Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-22882", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-18T14:54:34.412719Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-18T14:54:41.786Z"}}], "cna": {"credits": [{"lang": "en", "value": "Discovered by KPC of Cisco Talos."}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Canva", "product": "Affinity", "versions": [{"status": "affected", "version": "3.0.1.3808"}]}], "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2325", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2325"}, {"url": "https://trust.canva.com/?tcuUid=1f728b0d-17f3-4c9c-97e9-6662b769eb62", "name": "https://trust.canva.com/?tcuUid=1f728b0d-17f3-4c9c-97e9-6662b769eb62"}], "descriptions": [{"lang": "en", "value": "An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read"}]}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2026-03-18T17:00:25.597Z"}}}, "cveMetadata": {"cveId": "CVE-2026-22882", "state": "PUBLISHED", "dateUpdated": "2026-03-18T17:00:25.597Z", "dateReserved": "2026-01-14T15:54:58.484Z", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "datePublished": "2026-03-17T18:52:25.119Z", "assignerShortName": "talos"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:canva:affinity:*:*:*:*:*:windows:*:*", "matchCriteriaId": "4C0FE26D-7256-455B-86B0-D69621C80C02", "versionEndExcluding": "3.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information."}, {"lang": "es", "value": "Una vulnerabilidad de lectura fuera de l\u00edmites existe en la funcionalidad EMF de Canva Affinity. Al usar un archivo EMF especialmente dise\u00f1ado, un atacante podr\u00eda explotar esta vulnerabilidad para realizar una lectura fuera de l\u00edmites, lo que podr\u00eda llevar a la divulgaci\u00f3n de informaci\u00f3n sensible."}], "id": "CVE-2026-22882", "lastModified": "2026-03-19T12:06:30.380", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 4.2, "source": "talos-cna@cisco.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-17T19:16:00.780", "references": [{"source": "talos-cna@cisco.com", "tags": ["Third Party Advisory", "Exploit"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2325"}, {"source": "talos-cna@cisco.com", "tags": ["Vendor Advisory"], "url": "https://trust.canva.com/?tcuUid=1f728b0d-17f3-4c9c-97e9-6662b769eb62"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "Exploit"], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2325"}], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "talos-cna@cisco.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,3.1.0 (March 26))"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Affinity", "source": "cna", "vendor": "Canva"}, "product": "affinity", "vendor": "canva"}], "analysis": {"en": {"generated_at": "2026-03-19T13:25:44.457587+00:00", "value": {"mitigation_remediation": ["Check Canva Affinity official support or website for an update that addresses this vulnerability.", "Update Canva Affinity to the latest patched version as soon as it becomes available.", "If no patch is available, avoid opening untrusted EMF files and consider disabling EMF file support in the application if an option exists.", "Implement email and file\u2011attachment filtering to block or quarantine suspicious image files.", "Monitor system logs for crashes or anomalous memory access patterns that could indicate exploitation attempts."], "summary": {"action": "Apply Patch", "impact": "Sensitive Information Disclosure via Out-of-Bounds Read"}, "threat_synthesis": {"affected_systems": "The vulnerability affects Canva Affinity running on Windows platforms. The CPE data (cpe:2.3:a:canva:affinity:*:*:*:*:*:windows:*:*) indicates the product but does not specify individual versions, meaning that all current releases of Canva Affinity on Windows could be impacted unless a vendor patch has already addressed the flaw.", "description_and_impact": "An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By supplying a specially crafted EMF file, an attacker can trigger the application to read beyond the boundaries of a buffer, potentially exposing confidential data. The weakness is mapped to CWE-125, which denotes an array index error leading to memory corruption.", "risk_and_exploitability": "The CVSS base score of 6.1 places this issue in the moderate severity range. The EPSS score of less than 1% suggests a low likelihood of exploitation, and the vulnerability is not currently listed in the CISA KEV catalog. Exploitation requires a malicious EMF file to be opened by the target, implying a local or user\u2011initiated attack vector; no remote network entry point is defined in the description."}}}}, "created": "2026-03-18T12:12:57.898008+00:00", "title": "Canva Affinity Out-of-Bounds Read via EMF File Leading to Sensitive Information Disclosure", "updated": "2026-03-24T10:48:52.662189+00:00", "vendors": ["canva", "canva$PRODUCT$affinity"]}