Bulletin ID
Last updated on
Apr 14, 2026
Security update available for Adobe DNG Software Development Kit (SDK) | APSB26-41
|
|
Date Published |
Priority |
|
APSB26-41 |
April 14, 2026 |
3 |
Summary
Adobe has released an update for the Adobe DNG Software Development Kit (SDK) for Windows and macOS. This update resolves important vulnerabilities that could lead to application denial-of-service and memory exposure.
Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates.
Affected Versions
|
Product |
Affected version |
Platform |
|
Adobe DNG Software Development Kit (SDK) |
DNG SDK 1.7.1 build 2502 and earlier
|
All |
Solution
Adobe categorizes this update with the following priority rating and recommends users update their installation to the newest version:
|
Product |
Updated version |
Platform |
Priority rating |
Availability |
|
Adobe DNG Software Development Kit (SDK) |
DNG SDK 1.7.1 build 2536
|
All |
3 |
Vulnerability Details
|
Vulnerability Category |
Vulnerability Impact |
Severity |
CVSS base score |
CVE Number |
|
|
Out-of-bounds Write (CWE-787) |
Application denial-of-service |
Important |
5.5 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
CVE-2026-27258 |
|
Out-of-bounds Write (CWE-787) |
Application denial-of-service |
Important |
5.5 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
CVE-2026-27259 |
|
Out-of-bounds Read (CWE-125) |
Memory exposure |
Important |
5.5 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
CVE-2026-27260 |
Acknowledgments
Adobe would like to thank the following researchers for reporting these issue and for working with Adobe to help protect our customers:
- Brendon Tiszka and Mateusz Jurczyk of Google Project Zero - CVE-2026-27258, CVE-2026-27259, CVE-2026-27260
NOTE: Adobe has a public bug bounty program with HackerOne. If you are interested in working with Adobe as an external security researcher, please check out https://hackerone.com/adobe
For more information, visit https://helpx.adobe.com/security.html, or email PSIRT@adobe.com.
Revisions
- February 17, 2026: Corrected solution version
