{"api_version":"1","generated_at":"2026-05-06T16:57:55+00:00","cve":"CVE-2021-39826","urls":{"html":"https://cve.report/CVE-2021-39826","api":"https://cve.report/api/cve/CVE-2021-39826.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-39826","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-39826"},"summary":{"title":"CVE-2021-39826","description":"Adobe Digital Editions 4.5.11.187646 (and earlier) are affected by an arbitrary command execution vulnerability. An authenticated attacker could leverage this vulnerability to execute arbitrary commands. User interaction is required to abuse this vulnerability in that a user must open a maliciously crafted .epub file.","state":"PUBLIC","assigner":"psirt@adobe.com","published_at":"2021-09-27 16:15:00","updated_at":"2021-10-01 11:59:00"},"problem_types":["CWE-78"],"metrics":[],"references":[{"url":"https://helpx.adobe.com/security/products/Digital-Editions/apsb21-80.html","name":"https://helpx.adobe.com/security/products/Digital-Editions/apsb21-80.html","refsource":"MISC","tags":[],"title":"Adobe Security Bulletin","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-39826","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-39826","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"39826","vulnerable":"1","versionEndIncluding":"4.5.11.187646","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"adobe","cpe5":"digital_editions","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"39826","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"macos","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2021-39826","qid":"375859","title":"Adobe Digital Editions Multiple Vulnerabilities (APSB21-80)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"psirt@adobe.com","DATE_PUBLIC":"2021-09-14T23:00:00.000Z","ID":"CVE-2021-39826","STATE":"PUBLIC","TITLE":"Adobe Digital Editions Command Execution Vulnerability"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Digital Editions","version":{"version_data":[{"version_affected":"<=","version_value":"4.5.11.187646"},{"version_affected":"<=","version_value":"None"},{"version_affected":"<=","version_value":"None"},{"version_affected":"<=","version_value":"None"}]}}]},"vendor_name":"Adobe"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Adobe Digital Editions 4.5.11.187646 (and earlier) are affected by an arbitrary command execution vulnerability. An authenticated attacker could leverage this vulnerability to execute arbitrary commands. User interaction is required to abuse this vulnerability in that a user must open a maliciously crafted .epub file."}]},"impact":{"cvss":{"attackComplexity":"Low","attackVector":"Local","availabilityImpact":"High","baseScore":8.6,"baseSeverity":"High","confidentialityImpact":"High","integrityImpact":"High","privilegesRequired":"None","scope":"Changed","userInteraction":"Required","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)"}]}]},"references":{"reference_data":[{"refsource":"MISC","url":"https://helpx.adobe.com/security/products/Digital-Editions/apsb21-80.html","name":"https://helpx.adobe.com/security/products/Digital-Editions/apsb21-80.html"}]},"source":{"discovery":"EXTERNAL"}},"nvd":{"publishedDate":"2021-09-27 16:15:00","lastModifiedDate":"2021-10-01 11:59:00","problem_types":["CWE-78"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.6,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":9.3},"severity":"HIGH","exploitabilityScore":8.6,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:adobe:digital_editions:*:*:*:*:*:*:*:*","versionEndIncluding":"4.5.11.187646","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"39826","Ordinal":"215532","Title":"CVE-2021-39826","CVE":"CVE-2021-39826","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"39826","Ordinal":"1","NoteData":"Adobe Digital Editions 4.5.11.187646 (and earlier) are affected by an arbitrary command execution vulnerability. An authenticated attacker could leverage this vulnerability to execute arbitrary commands. User interaction is required to abuse this vulnerability in that a user must open a maliciously crafted .epub file.","Type":"Description","Title":null},{"CveYear":"2021","CveId":"39826","Ordinal":"2","NoteData":"2021-09-27","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"39826","Ordinal":"3","NoteData":"2021-09-27","Type":"Other","Title":"Modified"}]}}}