Bulletin ID
Last updated on
Mar 10, 2026
Security update available for Adobe DNG Software Development Kit (SDK) | APSB26-30
|
|
Date Published |
Priority |
|
APSB26-30 |
March 10, 2026 |
3 |
Summary
Adobe has released an update for the Adobe DNG Software Development Kit (SDK) for Windows and macOS. This update resolves critical and important vulnerabilities that could lead to arbitrary code execution and application denial-of-service.
Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates.
Affected Versions
|
Product |
Affected version |
Platform |
|
Adobe DNG Software Development Kit (SDK) |
DNG SDK 1.7.1 build 2471 and earlier
|
All |
Solution
Adobe categorizes this update with the following priority rating and recommends users update their installation to the newest version:
|
Product |
Updated version |
Platform |
Priority rating |
Availability |
|
Adobe DNG Software Development Kit (SDK) |
DNG SDK 1.7.1 build 2502
|
All |
3 |
Vulnerability Details
|
Vulnerability Category |
Vulnerability Impact |
Severity |
CVSS base score |
CVE Number |
|
|
Out-of-bounds Write (CWE-787) |
Arbitrary Code Execution |
Critical |
7.8 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
CVE-2026-27280 |
|
Integer Overflow or Wraparound (CWE-190) |
Application denial-of-service |
Important |
5.5 |
|
CVE-2026-27281 |
Acknowledgments
Adobe would like to thank the following researchers for reporting these issue and for working with Adobe to help protect our customers:
- Brendon Tiszka and Mateusz Jurczyk of Google Project Zero - CVE-2026-27280, CVE-2026-27281
NOTE: Adobe has a public bug bounty program with HackerOne. If you are interested in working with Adobe as an external security researcher, please check out https://hackerone.com/adobe
For more information, visit https://helpx.adobe.com/security.html, or email PSIRT@adobe.com.
Revisions
- February 17, 2026: Corrected solution version
