CVE-2026-21280:

Untrusted Search Path vulnerability in Adobe Illustrator versions 29.8.3, 30.0 and earlier allows arbitrary code execution.

Score
A numerical rating that indicates how dangerous this vulnerability is.

8.6High

Published Date:Jan 13, 2026
CISA KEV Date:*No Data*
Industries Affected:20

Threat Predictions

EPSS Score:0.0
EPSS Percentile:8%

Exploitability

Score:1.8
Attack Vector:LOCAL
Attack Complexity:LOW
Privileges Required:NONE
User Interaction:REQUIRED
Scope:CHANGED

Impact

Score:6.0
Confidentiality Impact:HIGH
Integrity Impact:HIGH
Availability Impact:HIGH

Description Preview

Untrusted Search Path vulnerability in Adobe Illustrator versions 29.8.3, 30.0 and earlier allows arbitrary code execution.

Overview

The Untrusted Search Path vulnerability in Adobe Illustrator poses a significant risk to users of affected versions. This vulnerability allows an attacker to potentially execute arbitrary code on a victim's system by exploiting the application's search path mechanism. The attack vector is local, requiring low attack complexity and no privileges, but does necessitate user interaction. The scope of the vulnerability is changed, meaning it can affect resources beyond its security scope. If successfully exploited, this vulnerability could lead to high impacts on confidentiality, integrity, and availability of the affected system.

Remediation

To mitigate this vulnerability, users and administrators should take the following actions:
1. Update Adobe Illustrator to the latest version that addresses this vulnerability.
2. Exercise caution when opening files from untrusted sources.
3. Implement the principle of least privilege for user accounts.
4. Use application whitelisting to prevent unauthorized executables from running.
5. Keep all software and operating systems up-to-date with the latest security patches.
6. Educate users about the risks of opening suspicious files or clicking on untrusted links.
7. Implement and maintain robust endpoint protection solutions.