Bulletin ID
Last updated on
Feb 10, 2026
Security update available for Adobe DNG Software Development Kit (SDK) | APSB26-23
|
|
Date Published |
Priority |
|
APSB26-23 |
February 10, 2026 |
3 |
Summary
Adobe has released an update for the Adobe DNG Software Development Kit (SDK) for Windows and macOS. This update resolves critical and important vulnerabilities that could lead to arbitrary code execution and memory exposure, or application denial-of-service.
Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates.
Affected Versions
|
Product |
Affected version |
Platform |
|
Adobe DNG Software Development Kit (SDK) |
DNG SDK 1.7.1 build 2410 and earlier versions |
All |
Solution
Adobe categorizes this update with the following priority rating and recommends users update their installation to the newest version:
|
Product |
Updated version |
Platform |
Priority rating |
Availability |
|
Adobe DNG Software Development Kit (SDK) |
DNG SDK 1.7.2 build 2410 |
All |
3 |
Vulnerability Details
|
Vulnerability Category |
Vulnerability Impact |
Severity |
CVSS base score |
CVE Number |
|
|
Out-of-bounds Write (CWE-787) |
Arbitrary Code Execution |
Critical |
7.8 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
CVE-2026-21352 |
|
Integer Overflow or Wraparound (CWE-190) |
Arbitrary code execution |
Critical |
7.8 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
CVE-2026-21353 |
|
Integer Overflow or Wraparound (CWE-190) |
Application denial-of-service |
Important |
5.5 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
CVE-2026-21354 |
|
Out-of-bounds Read (CWE-125) |
Memory exposure |
Important |
5.5 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
CVE-2026-21355 |
Acknowledgments
Adobe would like to thank the following researchers for reporting these issue and for working with Adobe to help protect our customers:
- Brendon Tiszka and Mateusz Jurczyk of Google Project Zero - CVE-2026-21352, CVE-2026-21353, CVE-2026-21354
- Ruikai - CVE-2026-21355
NOTE: Adobe has a public bug bounty program with HackerOne. If you are interested in working with Adobe as an external security researcher, please check out https://hackerone.com/adobe
For more information, visit https://helpx.adobe.com/security.html, or email PSIRT@adobe.com.
Revisions
- January 28, 2026: Corrected solution version
