Skip to content
Threat Feed
high advisory

CVE-2026-34638: Adobe Premiere Pro Use-After-Free Vulnerability Leading to Arbitrary Code Execution

Adobe Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by a Use After Free vulnerability (CVE-2026-34638) that could lead to arbitrary code execution in the context of the current user if a malicious file is opened.

Adobe Premiere Pro versions 26.0.2, 25.6.4, and earlier are susceptible to a Use-After-Free (UAF) vulnerability identified as CVE-2026-34638. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code within the security context of the currently logged-in user. The attack requires user interaction; a victim must open a specially crafted, malicious file designed to trigger the vulnerability. This could result in significant system compromise. The vulnerability was reported on May 12, 2026.

Attack Chain

  1. An attacker crafts a malicious project file specifically designed to trigger the Use-After-Free vulnerability in Adobe Premiere Pro.
  2. The attacker distributes this malicious file to a target, potentially through social engineering or other delivery mechanisms.
  3. The victim, unaware of the malicious nature of the file, opens it using a vulnerable version of Adobe Premiere Pro (<= 26.0.2 or 25.6.4).
  4. Premiere Pro attempts to process the malformed data within the crafted file.
  5. Due to the UAF vulnerability (CVE-2026-34638), Premiere Pro accesses a memory location that has already been freed, leading to memory corruption.
  6. The attacker leverages the corrupted memory to inject and execute arbitrary code within the Premiere Pro process.
  7. The attacker gains control of the Premiere Pro process with the privileges of the current user.
  8. The attacker can then perform malicious actions, such as installing malware, stealing data, or compromising the system further.

Impact

Successful exploitation of CVE-2026-34638 allows for arbitrary code execution, leading to a complete compromise of the user’s system. The attacker gains the same privileges as the user running Premiere Pro. This can lead to data theft, malware installation, and further exploitation of the compromised system. The number of potential victims is broad, encompassing any user of the affected Adobe Premiere Pro versions.

Recommendation

  • Upgrade to a patched version of Adobe Premiere Pro (later than 26.0.2 or 25.6.4) to remediate CVE-2026-34638.
  • Implement user training to educate users about the risks of opening untrusted files to mitigate the initial access vector.
  • Deploy the Sigma rule “Detect Premiere Pro Use After Free Vulnerability File Open” to identify potential exploitation attempts based on process creation events.
  • Monitor file creation events for suspicious file types associated with Adobe Premiere Pro projects to detect potentially malicious files.

Detection coverage 2

Detect Premiere Pro Use After Free Vulnerability File Open

high

Detects CVE-2026-34638 exploitation - suspicious process creation after Premiere Pro opens a file. This may indicate exploitation of a Use-After-Free vulnerability.

sigma tactics: execution techniques: T1204.002 sources: process_creation, windows

Detect Suspicious File Creation by Premiere Pro

medium

Detects CVE-2026-34638 exploitation - Premiere Pro creates suspicious files, which can be indicative of exploitation

sigma tactics: execution techniques: T1027 sources: file_event, windows

Detection queries are available on the platform. Get full rules →