CVE-2026-34632

HIGH

Photoshop Installer | CWE-427: Uncontrolled Search Path Element

Title source: cna

Description

Adobe Photoshop Installer was affected by an Uncontrolled Search Path Element vulnerability that could have resulted in arbitrary code execution in the context of the current user. A low-privileged local attacker could have exploited this vulnerability by manipulating the search path used by the application to locate critical resources, potentially causing unauthorized code execution. Exploitation of this issue required user interaction in that a user had to be running the installer.

References (2)

https://cwe.mitre.org/data/definitions/427.html

[Third Party Advisory] https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2274

Scores

CVSS v3 8.2

EPSS 0.0001

EPSS Percentile 0.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-427

Status published

Products (1)

Adobe/Adobe Photoshop Installer

Published Apr 15, 2026

Tracked Since Apr 16, 2026