PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-34705 Adobe CVE debrief

CVE-2026-34705 is a MEDIUM-severity vulnerability in Adobe InDesign, with a CVSS score of 5.5. The vulnerability is an out-of-bounds read issue that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information by tricking a victim into opening a malicious file. This issue requires user interaction.

Vendor
Adobe
Product
InDesign Desktop
CVSS
MEDIUM 5.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-09
Original CVE updated
2026-06-10
Advisory published
2026-06-09
Advisory updated
2026-06-10

Who should care

Users of Adobe InDesign versions 21.3, 20.5.3, and earlier should apply patches or mitigations to prevent potential exploitation of this vulnerability.

Technical summary

The vulnerability exists in Adobe InDesign versions 21.3, 20.5.3, and earlier. It is characterized as an out-of-bounds read issue, which could lead to disclosure of sensitive memory. The Common Vulnerability Scoring System (CVSS) score for this vulnerability is 5.5, indicating a MEDIUM severity level. The CVSS vector is CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N.

Defensive priority

MEDIUM

Recommended defensive actions

  • Apply patches or updates provided by Adobe to vulnerable versions of InDesign.
  • Ensure users are aware of the risks associated with opening malicious files.
  • Consider implementing security measures to detect and prevent malicious file distribution.

Evidence notes

The CVE-2026-34705 vulnerability was published on 2026-06-09T18:16:42.833Z and modified on 2026-06-10T13:01:29.313Z. The vulnerability affects Adobe InDesign versions 21.3, 20.5.3, and earlier. The CVSS score is 5.5, indicating a MEDIUM severity level.

Official resources

CVE-2026-34705 was published on 2026-06-09T18:16:42.833Z and modified on 2026-06-10T13:01:29.313Z.