What is the severity of CVE-2026-21280?

CVE-2026-21280 has a CVSS v3 score of 8.6, which is classified as High severity.

Is there an exploit available for CVE-2026-21280?

No known public exploits are currently available for CVE-2026-21280.

Is there a patch available for CVE-2026-21280?

Yes, patches are available for CVE-2026-21280. Check the vendor advisories for update instructions.

CVE-2026-21280 - CVE Details, Severity, and Analysis

Published: January 29, 2026

Last updated:1 hour ago (January 29, 2026)

Updated January 29, 2026

Strobes VI. (2026). CVE-2026-21280 - CVE Details and Analysis. Strobes VI. Retrieved January 29, 2026, from https://vi.strobes.co/cve/CVE-2026-21280

no major risk factors

Illustrator versions 29.8.3, 30.0 and earlier are affected by an Untrusted Search Path vulnerability that could result in arbitrary code execution in the context of the current user. If the application uses a search path to locate critical resources such as programs, an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. Exploitation of this issue requires user interaction in that a victim must open a malicious file and scope is changed.

Vendor	Product
Adobe	Illustrator
Microsoft	Windows
Apple	macOS

NVD: Illustrator versions 29.8.3, 30.0 and earlier are affected by an Untrusted Search Path vulnerability that could result in arbitrary code execution in the context of the current user. If the application uses a search path to locate critical resources such as programs, an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. Exploitation of this issue requires user interaction in that a victim must open a malicious file and scope is changed.