{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-27271", "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "state": "PUBLISHED", "assignerShortName": "adobe", "dateReserved": "2026-02-18T22:02:41.387Z", "datePublished": "2026-03-10T22:56:44.569Z", "dateUpdated": "2026-03-11T13:08:15.042Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "Illustrator", "vendor": "Adobe", "versions": [{"lessThanOrEqual": "30.1", "status": "affected", "version": "0", "versionType": "semver"}]}], "datePublic": "2026-03-10T17:00:00.000Z", "descriptions": [{"lang": "en", "value": "Illustrator versions 29.8.4, 30.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 7.8, "environmentalSeverity": "HIGH", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "LOCAL", "modifiedAvailabilityImpact": "HIGH", "modifiedConfidentialityImpact": "HIGH", "modifiedIntegrityImpact": "HIGH", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "UNCHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 7.8, "temporalSeverity": "HIGH", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-122", "description": "Heap-based Buffer Overflow (CWE-122)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe", "dateUpdated": "2026-03-10T22:56:44.569Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://helpx.adobe.com/security/products/illustrator/apsb26-18.html"}], "source": {"discovery": "EXTERNAL"}, "title": "Illustrator | Heap-based Buffer Overflow (CWE-122)"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-27271", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-11T03:57:12.494588Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-11T13:08:15.042Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"cna": {"title": "Illustrator | Heap-based Buffer Overflow (CWE-122)", "source": {"discovery": "EXTERNAL"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "modifiedScope": "UNCHANGED", "temporalScore": 7.8, "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "temporalSeverity": "HIGH", "availabilityImpact": "HIGH", "environmentalScore": 7.8, "privilegesRequired": "NONE", "exploitCodeMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "LOCAL", "confidentialityImpact": "HIGH", "environmentalSeverity": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedIntegrityImpact": "HIGH", "modifiedUserInteraction": "REQUIRED", "modifiedAttackComplexity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAvailabilityImpact": "HIGH", "modifiedPrivilegesRequired": "NONE", "modifiedConfidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Adobe", "product": "Illustrator", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "30.1"}], "defaultStatus": "affected"}], "datePublic": "2026-03-10T17:00:00.000Z", "references": [{"url": "https://helpx.adobe.com/security/products/illustrator/apsb26-18.html", "tags": ["vendor-advisory"]}], "descriptions": [{"lang": "en", "value": "Illustrator versions 29.8.4, 30.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-122", "description": "Heap-based Buffer Overflow (CWE-122)"}]}], "providerMetadata": {"orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe", "dateUpdated": "2026-03-10T22:56:44.569Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-27271", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-11T03:57:12.494588Z"}}}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2026-03-11T13:01:52.195Z"}}]}, "cveMetadata": {"cveId": "CVE-2026-27271", "state": "PUBLISHED", "dateUpdated": "2026-03-10T22:56:44.569Z", "dateReserved": "2026-02-18T22:02:41.387Z", "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "datePublished": "2026-03-10T22:56:44.569Z", "assignerShortName": "adobe"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adobe:illustrator:*:*:*:*:*:*:*:*", "matchCriteriaId": "434133D9-8581-4CAB-837F-DD5DDA87235C", "versionEndExcluding": "29.8.5", "versionStartIncluding": "29.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:illustrator:*:*:*:*:*:*:*:*", "matchCriteriaId": "1F0AF185-0F89-4C28-9594-03A31553CE24", "versionEndExcluding": "30.2", "versionStartIncluding": "30.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Illustrator versions 29.8.4, 30.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."}, {"lang": "es", "value": "Las versiones de Illustrator 29.8.4, 30.1 y anteriores est\u00e1n afectadas por una vulnerabilidad de desbordamiento de b\u00fafer basado en mont\u00edculo que podr\u00eda resultar en ejecuci\u00f3n de c\u00f3digo arbitrario en el contexto del usuario actual. La explotaci\u00f3n de este problema requiere interacci\u00f3n del usuario en el sentido de que una v\u00edctima debe abrir un archivo malicioso."}], "id": "CVE-2026-27271", "lastModified": "2026-03-11T17:11:22.460", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "psirt@adobe.com", "type": "Primary"}]}, "published": "2026-03-10T23:16:44.257", "references": [{"source": "psirt@adobe.com", "tags": ["Vendor Advisory"], "url": "https://helpx.adobe.com/security/products/illustrator/apsb26-18.html"}], "sourceIdentifier": "psirt@adobe.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-122"}], "source": "psirt@adobe.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,30.1]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Illustrator", "source": "cna", "vendor": "Adobe"}, "product": "illustrator", "vendor": "adobe"}], "analysis": {"en": {"generated_at": "2026-04-16T03:02:27.036234+00:00", "value": {"mitigation_remediation": ["Install the Adobe Illustrator security update published in APSB26-18 to eliminate the heap\u2011based buffer overflow.", "Restrict or monitor the opening of unknown or suspicious files; use email attachment scanning to block malicious graphics.", "Run Adobe Illustrator with the lowest possible user privileges or in a sandboxed environment to limit the impact of potential exploitation."], "summary": {"action": "Patch Now", "impact": "Arbitrary code execution"}, "threat_synthesis": {"affected_systems": "Adobe Illustrator installations that run on Microsoft Windows users of versions 29.8.4, 30.1, and earlier are affected; these versions are present on Windows desktops and workstations.", "description_and_impact": "Illustrator 29.8.4, 30.1, and earlier contain a heap\u2011based buffer overflow that can lead to arbitrary code execution when a user opens a crafted file. The flaw allows an attacker to corrupt memory on the heap, potentially executing arbitrary instructions in the context of the current user. The exploitation vector requires user interaction \u2013 the victim must open a malicious graphic file.", "risk_and_exploitability": "The vulnerability has a CVSS score of 7.8, indicating high severity. The EPSS probability is below 1\u202f%, suggesting that exploitation is unlikely but not impossible. Because the vector requires the victim to open a malicious file, the primary risk is malicious social\u2011engineering or phishing campaigns. The flaw is not listed in CISA\u2019s KEV catalog, so no widespread known exploits have been reported. The risk remains moderate, primarily due to the need for user interaction."}}}}, "created": "2026-03-11T11:39:03.913430+00:00", "updated": "2026-04-16T03:15:22.943454+00:00", "vendors": ["adobe", "adobe$PRODUCT$illustrator"]}