CVE-2026-34631 PUBLISHED

InCopy | Out-of-bounds Write (CWE-787)

Assigner: adobe
Reserved: 30.03.2026 Published: 14.04.2026 Updated: 14.04.2026

InCopy versions 20.5.2, 21.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Metrics

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS Score: 7.8

Product Status

Vendor Adobe
Product InCopy
Versions Default: affected
  • affected from 0 to 21.2 (incl.)

References

Problem Types

  • Out-of-bounds Write (CWE-787) CWE