{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-34632", "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "state": "PUBLISHED", "assignerShortName": "adobe", "dateReserved": "2026-03-30T17:30:36.491Z", "datePublished": "2026-04-15T18:35:52.192Z", "dateUpdated": "2026-04-22T16:23:58.307Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe", "dateUpdated": "2026-04-15T18:35:52.192Z"}, "title": "Photoshop Installer | CWE-427: Uncontrolled Search Path Element", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-427", "description": "CWE-427: Uncontrolled Search Path Element", "type": "CWE"}]}], "affected": [{"vendor": "Adobe", "product": "Adobe Photoshop Installer", "versions": [{"status": "affected", "version": "0", "lessThanOrEqual": "N/A", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Adobe Photoshop Installer was affected by an Uncontrolled Search Path Element vulnerability that could have resulted in arbitrary code execution in the context of the current user. A low-privileged local attacker could have exploited this vulnerability by manipulating the search path used by the application to locate critical resources, potentially causing unauthorized code execution. Exploitation of this issue required user interaction in that a user had to be running the installer.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<div>Adobe Photoshop Installer was affected by an Uncontrolled Search Path Element vulnerability that could have resulted in arbitrary code execution in the context of the current user. A low-privileged local attacker could have exploited this vulnerability by manipulating the search path used by the application to locate critical resources, potentially causing unauthorized code execution. Exploitation of this issue required user interaction in that a user had to be running the installer.</div>"}]}], "references": [{"url": "https://cwe.mitre.org/data/definitions/427.html"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "HIGH", "baseScore": 8.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"}}], "source": {"discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-15T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-34632"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-16T03:55:40.701Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2274"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-04-22T16:23:58.307Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2274"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-04-22T16:23:58.307Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-34632", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-15T19:57:53.919257Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-15T19:58:09.923Z"}}], "cna": {"title": "Photoshop Installer | CWE-427: Uncontrolled Search Path Element", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Adobe", "product": "Adobe Photoshop Installer", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "N/A"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://cwe.mitre.org/data/definitions/427.html"}], "descriptions": [{"lang": "en", "value": "Adobe Photoshop Installer was affected by an Uncontrolled Search Path Element vulnerability that could have resulted in arbitrary code execution in the context of the current user. A low-privileged local attacker could have exploited this vulnerability by manipulating the search path used by the application to locate critical resources, potentially causing unauthorized code execution. Exploitation of this issue required user interaction in that a user had to be running the installer.", "supportingMedia": [{"type": "text/html", "value": "<div>Adobe Photoshop Installer was affected by an Uncontrolled Search Path Element vulnerability that could have resulted in arbitrary code execution in the context of the current user. A low-privileged local attacker could have exploited this vulnerability by manipulating the search path used by the application to locate critical resources, potentially causing unauthorized code execution. Exploitation of this issue required user interaction in that a user had to be running the installer.</div>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-427", "description": "CWE-427: Uncontrolled Search Path Element"}]}], "providerMetadata": {"orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe", "dateUpdated": "2026-04-15T18:35:52.192Z"}}}, "cveMetadata": {"cveId": "CVE-2026-34632", "state": "PUBLISHED", "dateUpdated": "2026-04-22T16:23:58.307Z", "dateReserved": "2026-03-30T17:30:36.491Z", "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "datePublished": "2026-04-15T18:35:52.192Z", "assignerShortName": "adobe"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Adobe Photoshop Installer was affected by an Uncontrolled Search Path Element vulnerability that could have resulted in arbitrary code execution in the context of the current user. A low-privileged local attacker could have exploited this vulnerability by manipulating the search path used by the application to locate critical resources, potentially causing unauthorized code execution. Exploitation of this issue required user interaction in that a user had to be running the installer."}], "id": "CVE-2026-34632", "lastModified": "2026-04-22T17:16:35.097", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.5, "impactScore": 6.0, "source": "psirt@adobe.com", "type": "Secondary"}]}, "published": "2026-04-15T19:16:36.223", "references": [{"source": "psirt@adobe.com", "url": "https://cwe.mitre.org/data/definitions/427.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2274"}], "sourceIdentifier": "psirt@adobe.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-427"}], "source": "psirt@adobe.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "0"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Adobe Photoshop Installer", "source": "cna", "vendor": "Adobe"}, "product": "adobe_photoshop_installer", "vendor": "adobe"}], "analysis": {"en": {"generated_at": "2026-04-15T22:11:52.617892+00:00", "value": {"mitigation_remediation": ["Download and install the latest Adobe Photoshop Installer from Adobe\u2019s official website.", "Configure application whitelisting (e.g., AppLocker or Software Restriction Policies) so that only signed Adobe installers are allowed to run.", "Restrict the PATH environment variable to trusted directories and prevent modification by installers.", "Verify that non\u2011Adobe installers are blocked and that system updates are applied regularly."], "summary": {"action": "Patch Now", "impact": "Uncontrolled Search Path leading to arbitrary code execution"}, "threat_synthesis": {"affected_systems": "Systems impacted are those running Adobe Photoshop Installer from Adobe. No specific version information is supplied; users who routinely download and run the installer are potentially exposed.", "description_and_impact": "Adobe Photoshop Installer suffered from a flaw where the search path for locating critical resources could be manipulated. This uncontrolled search path element, identified as CWE\u2011427, could allow a local attacker to place malicious files in a directory that the installer would read preferentially, enabling the attacker to run arbitrary code with the privileges of the user who launches the installer.", "risk_and_exploitability": "The CVSS score of 8.2 indicates high severity. Exploitation requires user interaction; the attacker must persuade a user to execute the installer on the target machine. EPSS is not available, and the vulnerability is not listed in the CISA KEV catalog, but the high severity score suggests that the vulnerability can be leveraged for significant damage."}}}}, "created": "2026-04-15T22:15:15.709278+00:00", "updated": "2026-04-16T09:12:24.559346+00:00", "vendors": ["adobe", "adobe$PRODUCT$adobe_photoshop_installer"]}