VDB

CISA-2026-21353

CISA-2026-21353 PUBLISHED CVSS 7.8 HIGH

Reported by adobe · Published February 10, 2026

DNG SDK versions 1.7.1 2410 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Risk Scores

CVSS 3.1
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
AdobeDNG SDK0
AdobeDNG SDK0, 0

Timeline

  • Feb 10, 2026 CVE Published
  • Mar 10, 2026 CVE Updated

References

  • vendor-advisory
Open in Interactive Console →
$ Console Community · 100/wk Open console ›