CVE-2021-44186

LOW

Adobe Bridge < 11.1.2 and 12.0 - Out-of-bounds Read via Malicious SGI File

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-44186.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2021-44168, which targets FortiGate firewalls. The exploit generates a malicious package file that, when processed, performs directory traversal to drop a shell via LD_PRELOAD tricks, resulting in root access.

Description

Adobe Bridge version 11.1.2 (and earlier) and version 12.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious SGI file.

Exploits (1)

inthewild WORKING POC
poc
https://github.com/0xhaggis/cve-2021-44186

This repository contains a functional exploit for CVE-2021-44168, which targets FortiGate firewalls. The exploit generates a malicious package file that, when processed, performs directory traversal to drop a shell via LD_PRELOAD tricks, resulting in root access.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: FortiGate firewall <= 7.0.2
Auth required
Prerequisites: Access to FortiGate admin CLI · Ability to transfer the malicious package file to the target
devstral-2 · analyzed Feb 23, 2026 Full analysis →

References (1)

Core 1
Core References

Scores

CVSS v3 3.3
EPSS 0.0080
EPSS Percentile 74.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-125
Status published
Products (2)
adobe/bridge 12.0
adobe/bridge < 11.1.2
Published Dec 07, 2021
Tracked Since Feb 18, 2026