CVE-2026-34632

Photoshop Installer | CWE-427: Uncontrolled Search Path Element

CVSS 8.2 HIGHEPSS 0.2%CWE-427

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 8.2EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

15 Apr 2026Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Adobe Photoshop Installer was affected by an Uncontrolled Search Path Element vulnerability that could have resulted in arbitrary code execution in the context of the current user. A low-privileged local attacker could have exploited this vulnerability by manipulating the search path used by the application to locate critical resources, potentially causing unauthorized code execution. Exploitation of this issue required user interaction in that a user had to be running the installer.

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Affected products

Adobe · Adobe Photoshop Installer

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://cwe.mitre.org/data/definitions/427.html https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2274