Medium severity5.5NVD Advisory· Published Apr 14, 2026· Updated Apr 15, 2026

CVE-2026-27258

Description

DNG SDK versions 1.7.1 2502 and earlier are affected by an out-of-bounds write vulnerability that could lead to application denial-of-service. An attacker could leverage this vulnerability to corrupt memory, causing the application to crash or become unresponsive. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Affected products

Adobe Inc./Dng Software Development Kit
cpe:2.3:a:adobe:dng_software_development_kit:*:*:*:*:*:*:*:*
Range: <=1.7.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

helpx.adobe.com/security/products/dng-sdk/apsb26-41.htmlnvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.358
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000