Photoshop Installer Vulnerability Allows Arbitrary Code Execution

The National Vulnerability Database (NVD) recently detailed CVE-2026-34632, a high-severity vulnerability affecting the Adobe Photoshop Installer. This flaw, categorized as an Uncontrolled Search Path Element (CWE-427), could enable a low-privileged local attacker to achieve arbitrary code execution in the context of the current user. Essentially, an attacker could manipulate the search path the installer uses to find critical resources, tricking it into executing malicious code instead.

While the CVSS score of 8.2 (HIGH) is concerning, it’s important to note that exploitation isn’t entirely silent. According to the NVD, user interaction is required; specifically, a user must be actively running the Photoshop installer for the vulnerability to be triggered. This mitigates some of the immediate ‘lights out’ threat, but it’s still a significant risk, especially in environments where users frequently install or update software.
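
The search-order problem behind CWE-427, shown as an added example (not Adobe's code and not taken from the NVD entry): a Python audit that flags directories searched before a trusted install location when other users could place files in them. The file name, the directory layout and the use of POSIX permission bits are assumptions; on Windows the same check would read directory ACLs instead.

```python
import os
import stat
import tempfile

NAME = "resource.bin"  # hypothetical file the program looks up by bare name

def resolve(name, search_path):
    """First-match lookup: return the first directory that contains name."""
    for d in search_path:
        if os.path.isfile(os.path.join(d or ".", name)):
            return d
    return None

def audit_search_path(search_path, trusted_dir, name):
    """Flag entries searched before trusted_dir that could shadow its copy of name."""
    findings = []
    for d in search_path:
        if os.path.realpath(d or ".") == os.path.realpath(trusted_dir):
            break  # entries after the trusted location cannot shadow it
        if not os.path.isabs(d):
            findings.append((d, "relative entry resolves against the current directory"))
        elif not os.path.isdir(d):
            findings.append((d, "missing directory; check who can create it"))
        else:
            if os.stat(d).st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                findings.append((d, "writable by group or other"))
            if os.path.isfile(os.path.join(d, name)):
                findings.append((d, f"contains {name}, shadowing the trusted copy"))
    return findings

def demo():
    """Constructed layout: a shared folder is searched before the install folder."""
    root = tempfile.mkdtemp()
    shared, trusted = os.path.join(root, "shared"), os.path.join(root, "trusted")
    os.mkdir(shared)
    os.chmod(shared, 0o777)   # anyone on the host can add files here
    os.mkdir(trusted)
    os.chmod(trusted, 0o755)  # only the owner can write
    open(os.path.join(trusted, NAME), "w").close()
    path = [shared, trusted]
    before = resolve(NAME, path)                    # trusted copy wins
    open(os.path.join(shared, NAME), "w").close()   # same name appears earlier in the path
    after = resolve(NAME, path)                     # earlier directory now wins
    return before, after, audit_search_path(path, trusted, NAME), shared, trusted

if __name__ == "__main__":
    print(demo())
```

Run against a real search path, any finding ahead of the trusted directory is a location to lock down or remove from the path before an installer is launched.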


Indicators of Compromise

| ID | Type | Indicator |
| --- | --- | --- |
| CVE-2026-34632 | RCE | Adobe Photoshop Installer |
| CVE-2026-34632 | RCE | Uncontrolled Search Path Element vulnerability |
