This page lists publicly disclosed CVE vulnerabilities affecting adobe illustrator (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-34687 | Illustrator versions 29.8.6, 30.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | [email protected] | 7.8 | 0.17% | 2026-05-12 | 2026-05-12 |
| CVE-2026-34663 | Illustrator versions 29.8.6, 30.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | [email protected] | 5.5 | 0.14% | 2026-05-12 | 2026-05-12 |
| CVE-2026-34662 | Illustrator versions 29.8.6, 30.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | [email protected] | 5.5 | 0.14% | 2026-05-12 | 2026-05-12 |
| CVE-2026-34661 | Illustrator versions 29.8.6, 30.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | [email protected] | 7.8 | 0.14% | 2026-05-12 | 2026-05-12 |
| CVE-2026-34618 | Illustrator versions 30.2, 29.8.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | [email protected] | 7.8 | 0.18% | 2026-04-14 | 2026-04-15 |
| CVE-2026-27272 | Illustrator versions 29.8.4, 30.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | [email protected] | 7.8 | 0.14% | 2026-03-10 | 2026-03-11 |
| CVE-2026-27271 | Illustrator versions 29.8.4, 30.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | [email protected] | 7.8 | 0.18% | 2026-03-10 | 2026-03-11 |
| CVE-2026-27270 | Illustrator versions 29.8.4, 30.1 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | [email protected] | 5.5 | 0.14% | 2026-03-10 | 2026-03-11 |
| CVE-2026-27268 | Illustrator versions 29.8.4, 30.1 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | [email protected] | 5.5 | 0.14% | 2026-03-10 | 2026-03-11 |
| CVE-2026-27267 | Illustrator versions 29.8.4, 30.1 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | [email protected] | 7.8 | 0.18% | 2026-03-10 | 2026-03-11 |
| CVE-2026-21362 | Illustrator versions 29.8.4, 30.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | [email protected] | 7.8 | 0.14% | 2026-03-10 | 2026-03-11 |
| CVE-2026-21333 | Illustrator versions 29.8.4, 30.1 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute arbitrary code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | [email protected] | 8.6 | 0.16% | 2026-03-10 | 2026-03-11 |
| CVE-2026-21288 | Illustrator versions 29.8.3, 30.0 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | [email protected] | 5.5 | 0.18% | 2026-01-13 | 2026-01-14 |
| CVE-2026-21280 | Illustrator versions 29.8.3, 30.0 and earlier are affected by an Untrusted Search Path vulnerability that could result in arbitrary code execution in the context of the current user. If the application uses a search path to locate critical resources such as programs, an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. Exploitation of this issue requires user interaction in that a victim must open a malicious file and scope | [email protected] | 8.6 | 0.22% | 2026-01-13 | 2026-01-14 |
| CVE-2025-61831 | Illustrator versions 28.7.10, 29.8.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | [email protected] | 7.8 | 0.20% | 2025-11-11 | 2025-11-12 |
| CVE-2025-61820 | Illustrator versions 28.7.10, 29.8.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | [email protected] | 7.8 | 0.27% | 2025-11-11 | 2025-11-12 |
| CVE-2025-54284 | Illustrator versions 29.7, 28.7.9 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | [email protected] | 7.8 | 0.19% | 2025-10-14 | 2025-10-16 |
| CVE-2025-54283 | Illustrator versions 29.7, 28.7.9 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | [email protected] | 7.8 | 0.19% | 2025-10-14 | 2025-10-16 |
| CVE-2025-49568 | Illustrator versions 28.7.8, 29.6.1 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | [email protected] | 5.5 | 0.18% | 2025-08-12 | 2025-08-14 |
| CVE-2025-49567 | Illustrator versions 28.7.8, 29.6.1 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing a disruption in service. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | [email protected] | 5.5 | 0.21% | 2025-08-12 | 2025-08-14 |