
=====================================================================

                            CERT-Renater

                Information Note No. 2026/VULN148
_____________________________________________________________________

DATE                : 11/02/2026

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Adobe After Effects versions
                            prior to 25.6.4, 26.0.

=====================================================================
https://helpx.adobe.com/security/products/after_effects/apsb26-15.html
_____________________________________________________________________


Last updated on Feb 10, 2026

Security Updates Available for Adobe After Effects | APSB26-15

Bulletin ID    Date Published       Priority

APSB26-15      February 10, 2026    3


Summary

Adobe has released an update for Adobe After Effects for Windows and
macOS.  This update addresses critical and important security
vulnerabilities.  Successful exploitation could lead to arbitrary
code execution, memory exposure, and application denial-of-service.

Adobe is not aware of any exploits in the wild for any of the issues 
addressed in these updates.


Affected Versions

Product               Version                     Platform

Adobe After Effects   25.6 and earlier versions   Windows and macOS


Solution

Adobe categorizes these updates with the following priority ratings 
and recommends users update their installation to the newest version 
via the Creative Cloud desktop app’s update mechanism.  For more 
information, please reference this help page.

Product              Version  Platform           Priority Rating  Availability

Adobe After Effects  25.6.4   Windows and macOS  3                Download Center

Adobe After Effects  26.0     Windows and macOS  3                Download Center

For managed environments, IT administrators can use the Admin Console 
to deploy Creative Cloud applications to end users. Refer to this help 
page for more information.


Vulnerability Details

Vulnerability Category   Vulnerability Impact   Severity
CVSS base score   CVSS vector
CVE Numbers

Out-of-bounds Write (CWE-787)   Arbitrary code execution   Critical
7.8   CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-21318

Use After Free (CWE-416)   Arbitrary code execution   Critical
7.8   CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-21320

Integer Overflow or Wraparound (CWE-190)   Arbitrary code execution   Critical
7.8   CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-21321

Out-of-bounds Read (CWE-125)   Arbitrary code execution   Critical
7.8   CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-21322

Use After Free (CWE-416)   Arbitrary code execution   Critical
7.8   CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-21323

Out-of-bounds Read (CWE-125)   Arbitrary code execution   Critical
7.8   CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-21324

Out-of-bounds Read (CWE-125)   Arbitrary code execution   Critical
7.8   CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-21325

Use After Free (CWE-416)   Arbitrary code execution   Critical
7.8   CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-21326

Out-of-bounds Write (CWE-787)   Arbitrary code execution   Critical
7.8   CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-21327

Out-of-bounds Write (CWE-787)   Arbitrary code execution   Critical
7.8   CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-21328

Use After Free (CWE-416)   Arbitrary code execution   Critical
7.8   CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-21329

Access of Resource Using Incompatible Type ('Type Confusion') (CWE-843)   Arbitrary code execution   Critical
7.8   CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-21330

Use After Free (CWE-416)   Arbitrary code execution   Critical
7.8   CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-21351

NULL Pointer Dereference (CWE-476)   Application denial-of-service   Important
5.5   CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2026-21350

Out-of-bounds Read (CWE-125)   Memory exposure   Important
5.5   CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2026-21319


Acknowledgements

Adobe would like to thank the following for reporting the 
relevant issues and for working with Adobe to help protect our 
customers:

    voidexploit -- CVE-2026-21318, CVE-2026-21350
    yjdfy -- CVE-2026-21320, CVE-2026-21321, CVE-2026-21322,
      CVE-2026-21323, CVE-2026-21324, CVE-2026-21325, CVE-2026-21326,
      CVE-2026-21327, CVE-2026-21328, CVE-2026-21329, CVE-2026-21330
    Francis Provencher (prl) -- CVE-2026-21351, CVE-2026-21319

NOTE: Adobe has a public bug bounty program with HackerOne. If you are 
interested in working with Adobe as an external security researcher, 
please check out https://hackerone.com/adobe

For more information, visit https://helpx.adobe.com/security.html, or 
email PSIRT@adobe.com.
 
=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================




