Adobe Creative Cloud Vulnerability Allows Local Privilege Escalation
A local privilege escalation vulnerability in Adobe Creative Cloud Desktop Application, ZDI-26-420, allows attackers with initial code execution to gain SYSTEM privileges.

Zero Day Initiative has disclosed a local privilege escalation vulnerability affecting Adobe Creative Cloud Desktop Application, identified as ZDI-26-420 and assigned CVE-2026-48344. This flaw permits attackers who have already gained low-privilege code execution on a target system to elevate their privileges to the SYSTEM level.
The vulnerability stems from incorrect permissions assigned to a resource utilized by the AGSService component within the Creative Cloud Desktop Application. By exploiting this misconfiguration, an attacker can achieve the ability to execute arbitrary code with the highest level of system privileges, potentially leading to a full system compromise.
The CVSS score for this vulnerability has been set at 7.8, indicating a high severity. This score reflects the potential impact of a successful exploit, which could allow an attacker to take complete control of an affected machine. The prerequisite of initial low-privilege code execution means that this vulnerability is most likely to be exploited in scenarios where an attacker has already gained a foothold on the system through other means, such as phishing or exploiting a separate vulnerability.
Adobe has acknowledged the vulnerability and has released a security update to address it. Users are strongly advised to update their Adobe Creative Cloud Desktop Application to the latest version to mitigate the risk. The advisory from Adobe, APSB26-77, provides further details on the affected versions and the patching process.
This vulnerability was reported to Adobe by Brandon Evans of TrendAI on March 25, 2026. The coordinated public release of the advisory by Zero Day Initiative on July 15, 2026, follows Adobe's patching of the issue, ensuring that users have access to the necessary information and fixes.
While the immediate impact is on individual systems, the widespread use of Adobe Creative Cloud applications means that this vulnerability could be a target for attackers seeking to gain elevated access for further malicious activities, such as deploying ransomware or stealing sensitive data. The ease of exploitation once initial access is gained makes it a valuable target for threat actors.
Users should remain vigilant and ensure their software is kept up-to-date. Regular security audits and the implementation of robust endpoint security solutions can also help detect and prevent exploitation attempts. The timely patching of such vulnerabilities is crucial in maintaining a secure computing environment.
This advisory, ZDI-26-419, details a separate local privilege escalation vulnerability within Adobe Creative Cloud's AdobeUpdateService. The flaw stems from an uncontrolled search path element that allows a low-privilege attacker to load a library from an unsecured location, ultimately leading to SYSTEM-level code execution. Adobe has released a patch for this specific issue, identified as CVE-2026-48272, with a CVSS score of 7.0.