PatchSiren cyber security CVE debrief
CVE-2026-34704 Adobe CVE debrief
CVE-2026-34704 is a NULL Pointer Dereference vulnerability affecting Adobe InDesign Desktop versions 21.3, 20.5.3, and earlier. This vulnerability could lead to an application denial-of-service. An attacker could exploit this issue by getting a victim to open a malicious file, resulting in a denial-of-service condition. The CVSS score for this vulnerability is 5.5, with a severity rating of MEDIUM.
- Vendor
- Adobe
- Product
- InDesign Desktop
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-09
- Original CVE updated
- 2026-06-10
- Advisory published
- 2026-06-09
- Advisory updated
- 2026-06-10
Who should care
Users of Adobe InDesign Desktop versions 21.3, 20.5.3, and earlier should apply the necessary updates to mitigate this vulnerability.
Technical summary
The vulnerability exists in the following versions: Adobe InDesign Desktop versions 21.3, 20.5.3, and earlier. The CWE for this vulnerability is CWE-476.
Defensive priority
MEDIUM
Recommended defensive actions
- Apply the necessary updates as recommended by Adobe.
- Be cautious when opening files from untrusted sources.
Evidence notes
The CVE was published on 2026-06-09T18:16:42.583Z and modified on 2026-06-10T13:01:24.790Z. The vulnerability has a CVSS score of 5.5 and a severity rating of MEDIUM.
Official resources
-
CVE-2026-34704 CVE record
CVE.org
-
CVE-2026-34704 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
CVE-2026-34704 was published on 2026-06-09T18:16:42.583Z and modified on 2026-06-10T13:01:24.790Z.