{"api_version":"1","generated_at":"2026-07-15T12:50:27+00:00","cve":"CVE-2026-48340","urls":{"html":"https://cve.report/CVE-2026-48340","api":"https://cve.report/api/cve/CVE-2026-48340.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-48340","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-48340"},"summary":{"title":"Bridge | Untrusted Pointer Dereference (CWE-822)","description":"Bridge is affected by an Untrusted Pointer Dereference vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","state":"PUBLISHED","assigner":"adobe","published_at":"2026-07-14 21:16:59","updated_at":"2026-07-15 11:16:27"},"problem_types":["CWE-822","CWE-822 Untrusted Pointer Dereference (CWE-822)"],"metrics":[{"version":"3.1","source":"psirt@adobe.com","type":"Secondary","score":"7.8","severity":"HIGH","vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"7.8","severity":"HIGH","vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","data":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","availabilityRequirement":"NOT_DEFINED","baseScore":7.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","confidentialityRequirement":"NOT_DEFINED","environmentalScore":7.8,"environmentalSeverity":"HIGH","exploitCodeMaturity":"NOT_DEFINED","integrityImpact":"HIGH","integrityRequirement":"NOT_DEFINED","modifiedAttackComplexity":"LOW","modifiedAttackVector":"LOCAL","modifiedAvailabilityImpact":"HIGH","modifiedConfidentialityImpact":"HIGH","modifiedIntegrityImpact":"HIGH","modifiedPrivilegesRequired":"NONE","modifiedScope":"UNCHANGED","modifiedUserInteraction":"REQUIRED","privilegesRequired":"NONE","remediationLevel":"NOT_DEFINED","reportConfidence":"NOT_DEFINED","scope":"UNCHANGED","temporalScore":7.8,"temporalSeverity":"HIGH","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"}}],"references":[{"url":"https://helpx.adobe.com/security/products/bridge/apsb26-81.html","name":"https://helpx.adobe.com/security/products/bridge/apsb26-81.html","refsource":"psirt@adobe.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-48340","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-48340","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Adobe","product":"Adobe Bridge","version":"affected 16.0.3 semver","platforms":[]},{"source":"CNA","vendor":"Adobe","product":"Adobe Bridge","version":"unaffected 16.0.4 semver","platforms":[]},{"source":"CNA","vendor":"Adobe","product":"Adobe Bridge","version":"affected 15.1.5 semver","platforms":[]},{"source":"CNA","vendor":"Adobe","product":"Adobe Bridge","version":"unaffected 15.1.6 semver","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2026-48340","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2026-07-15T04:00:13.616341Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-07-15T10:31:53.182Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"defaultStatus":"affected","product":"Adobe Bridge","vendor":"Adobe","versions":[{"lessThanOrEqual":"16.0.3","status":"affected","version":"0","versionType":"semver"},{"status":"unaffected","version":"16.0.4","versionType":"semver"}]},{"defaultStatus":"affected","product":"Adobe Bridge","vendor":"Adobe","versions":[{"lessThanOrEqual":"15.1.5","status":"affected","version":"0","versionType":"semver"},{"status":"unaffected","version":"15.1.6","versionType":"semver"}]}],"datePublic":"2026-07-14T17:00:00.000Z","descriptions":[{"lang":"en","value":"Bridge is affected by an Untrusted Pointer Dereference vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","availabilityRequirement":"NOT_DEFINED","baseScore":7.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","confidentialityRequirement":"NOT_DEFINED","environmentalScore":7.8,"environmentalSeverity":"HIGH","exploitCodeMaturity":"NOT_DEFINED","integrityImpact":"HIGH","integrityRequirement":"NOT_DEFINED","modifiedAttackComplexity":"LOW","modifiedAttackVector":"LOCAL","modifiedAvailabilityImpact":"HIGH","modifiedConfidentialityImpact":"HIGH","modifiedIntegrityImpact":"HIGH","modifiedPrivilegesRequired":"NONE","modifiedScope":"UNCHANGED","modifiedUserInteraction":"REQUIRED","privilegesRequired":"NONE","remediationLevel":"NOT_DEFINED","reportConfidence":"NOT_DEFINED","scope":"UNCHANGED","temporalScore":7.8,"temporalSeverity":"HIGH","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-822","description":"Untrusted Pointer Dereference (CWE-822)","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-07-14T20:35:17.792Z","orgId":"078d4453-3bcd-4900-85e6-15281da43538","shortName":"adobe"},"references":[{"tags":["vendor-advisory"],"url":"https://helpx.adobe.com/security/products/bridge/apsb26-81.html"}],"source":{"discovery":"EXTERNAL"},"title":"Bridge | Untrusted Pointer Dereference (CWE-822)","x_generator":{"engine":"cvelib 1.8.0"}}},"cveMetadata":{"assignerOrgId":"078d4453-3bcd-4900-85e6-15281da43538","assignerShortName":"adobe","cveId":"CVE-2026-48340","datePublished":"2026-07-14T20:35:17.792Z","dateReserved":"2026-05-21T15:28:38.139Z","dateUpdated":"2026-07-15T10:31:53.182Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-07-14 21:16:59","lastModifiedDate":"2026-07-15 11:16:27","problem_types":["CWE-822","CWE-822 Untrusted Pointer Dereference (CWE-822)"],"metrics":{"cvssMetricV31":[{"source":"psirt@adobe.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-15T04:00:13.616341Z","id":"CVE-2026-48340","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"48340","Ordinal":"1","Title":"Bridge | Untrusted Pointer Dereference (CWE-822)","CVE":"CVE-2026-48340","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"48340","Ordinal":"1","NoteData":"Bridge is affected by an Untrusted Pointer Dereference vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.","Type":"Description","Title":"Bridge | Untrusted Pointer Dereference (CWE-822)"}]}}}