{"api_version":"1","generated_at":"2026-04-22T15:51:43+00:00","cve":"CVE-2026-34632","urls":{"html":"https://cve.report/CVE-2026-34632","api":"https://cve.report/api/cve/CVE-2026-34632.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-34632","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-34632"},"summary":{"title":"Photoshop Installer | CWE-427: Uncontrolled Search Path Element","description":"Adobe Photoshop Installer was affected by an Uncontrolled Search Path Element vulnerability that could have resulted in arbitrary code execution in the context of the current user. A low-privileged local attacker could have exploited this vulnerability by manipulating the search path used by the application to locate critical resources, potentially causing unauthorized code execution. Exploitation of this issue required user interaction in that a user had to be running the installer.","state":"PUBLISHED","assigner":"adobe","published_at":"2026-04-15 19:16:36","updated_at":"2026-04-17 15:08:54"},"problem_types":["CWE-427","CWE-427 CWE-427: Uncontrolled Search Path Element"],"metrics":[{"version":"3.1","source":"psirt@adobe.com","type":"Primary","score":"8.2","severity":"HIGH","vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"8.2","severity":"HIGH","vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H","data":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":8.2,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"CHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H","version":"3.1"}}],"references":[{"url":"https://cwe.mitre.org/data/definitions/427.html","name":"https://cwe.mitre.org/data/definitions/427.html","refsource":"psirt@adobe.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-34632","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34632","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Adobe","product":"Adobe Photoshop Installer","version":"affected N/A custom","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"34632","cve":"CVE-2026-34632","epss":"0.000080000","percentile":"0.007230000","score_date":"2026-04-21","updated_at":"2026-04-22 00:07:41"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2026-34632","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2026-04-15T00:00:00+00:00","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-04-16T03:55:40.701Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"defaultStatus":"unaffected","product":"Adobe Photoshop Installer","vendor":"Adobe","versions":[{"lessThanOrEqual":"N/A","status":"affected","version":"0","versionType":"custom"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<div>Adobe Photoshop Installer was affected by an Uncontrolled Search Path Element vulnerability that could have resulted in arbitrary code execution in the context of the current user. A low-privileged local attacker could have exploited this vulnerability by manipulating the search path used by the application to locate critical resources, potentially causing unauthorized code execution. Exploitation of this issue required user interaction in that a user had to be running the installer.</div>"}],"value":"Adobe Photoshop Installer was affected by an Uncontrolled Search Path Element vulnerability that could have resulted in arbitrary code execution in the context of the current user. A low-privileged local attacker could have exploited this vulnerability by manipulating the search path used by the application to locate critical resources, potentially causing unauthorized code execution. Exploitation of this issue required user interaction in that a user had to be running the installer."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":8.2,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"CHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-427","description":"CWE-427: Uncontrolled Search Path Element","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-04-15T18:35:52.192Z","orgId":"078d4453-3bcd-4900-85e6-15281da43538","shortName":"adobe"},"references":[{"url":"https://cwe.mitre.org/data/definitions/427.html"}],"source":{"discovery":"UNKNOWN"},"title":"Photoshop Installer | CWE-427: Uncontrolled Search Path Element"}},"cveMetadata":{"assignerOrgId":"078d4453-3bcd-4900-85e6-15281da43538","assignerShortName":"adobe","cveId":"CVE-2026-34632","datePublished":"2026-04-15T18:35:52.192Z","dateReserved":"2026-03-30T17:30:36.491Z","dateUpdated":"2026-04-16T03:55:40.701Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-04-15 19:16:36","lastModifiedDate":"2026-04-17 15:08:54","problem_types":["CWE-427","CWE-427 CWE-427: Uncontrolled Search Path Element"],"metrics":{"cvssMetricV31":[{"source":"psirt@adobe.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.5,"impactScore":6}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"34632","Ordinal":"1","Title":"Photoshop Installer | CWE-427: Uncontrolled Search Path Element","CVE":"CVE-2026-34632","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"34632","Ordinal":"1","NoteData":"Adobe Photoshop Installer was affected by an Uncontrolled Search Path Element vulnerability that could have resulted in arbitrary code execution in the context of the current user. A low-privileged local attacker could have exploited this vulnerability by manipulating the search path used by the application to locate critical resources, potentially causing unauthorized code execution. Exploitation of this issue required user interaction in that a user had to be running the installer.","Type":"Description","Title":"Photoshop Installer | CWE-427: Uncontrolled Search Path Element"}]}}}