CVE-2021-39826
HIGHAdobe Digital Editions < 4.5.11.187646 - Authenticated OS Command Injection via Malicious EPUB File
Title source: llmDescription
Adobe Digital Editions 4.5.11.187646 (and earlier) are affected by an arbitrary command execution vulnerability. An authenticated attacker could leverage this vulnerability to execute arbitrary commands. User interaction is required to abuse this vulnerability in that a user must open a maliciously crafted .epub file.
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://helpx.adobe.com/security/products/Digital-Editions/apsb21-80.html
Scores
CVSS v3
8.6
EPSS
0.0200
EPSS Percentile
78.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Details
CWE
CWE-78
Status
published
Products (1)
adobe/digital_editions
< 4.5.11.187646
Published
Sep 27, 2021
Tracked Since
Feb 18, 2026