CVE-2023-26358
📊 8.6 HIGH⚡ 0.1%🎯 0 exploits
📅 Published Mar 22, 2023
📋 Status: Modified
Creative Cloud version 5.9.1 (and earlier) is affected by an Untrusted Search Path vulnerability that might allow attackers to execute their own programs, access unauthorized data files, or modify configuration in unexpected ways. If the application uses a search path to locate critical resources such as programs, then an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. The problem extends to any type of critical resource that the application trusts.
CVSS v3.1 • [email protected]
🎯 Affected Products & Systems
1 product configurations affected
Filter by type:
| Type | Vendor | Product | Version Range | Status | CPE String |
|---|---|---|---|---|---|
📱App | adobe | creative cloud | < 5.10 | Vulnerable | cpe:2.3:a:adobe:creative_cloud:*:*:*:*:*:*:*:* |
📱
VulnerableApplication
Version: < 5.10
CPE:
cpe:2.3:a:adobe:creative_cloud:*:*:*:*:*:*:*:*
Metrics
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Attack Vector:
LOCAL
Complexity:
LOW
Privileges:
NONE
User Interaction:
REQUIRED
Confidentiality:
HIGH
Integrity:
HIGH
Availability:
HIGH
Scope:
CHANGED
🔍 Technical Details
Analysis Status
ModifiedCVSS Details
8.6 (HIGH)v3.1
Source: [email protected]
EPSS Details
0.1% (Minimal)35.7th percentile
Last updated: Oct 30, 2025
Exploitation probability within 30 days
Published Date
Mar 22, 2023 (2 years ago)
Last Modified
Nov 21, 2024 (11 months ago)
Security Weaknesses1
CWE-426
References2
NVDgeneral