{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-27222", "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "state": "PUBLISHED", "assignerShortName": "adobe", "dateReserved": "2026-02-18T22:02:41.380Z", "datePublished": "2026-04-14T19:44:58.971Z", "dateUpdated": "2026-04-15T17:39:30.343Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "Bridge", "vendor": "Adobe", "versions": [{"lessThanOrEqual": "15.1.4", "status": "affected", "version": "0", "versionType": "semver"}]}], "datePublic": "2026-04-14T17:00:00.000Z", "descriptions": [{"lang": "en", "value": "Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Divide By Zero vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application or render it unresponsive. Exploitation of this issue requires user interaction in that a victim must open a malicious file."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "environmentalScore": 5.5, "environmentalSeverity": "MEDIUM", "exploitCodeMaturity": "NOT_DEFINED", "integrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "LOW", "modifiedAttackVector": "LOCAL", "modifiedAvailabilityImpact": "HIGH", "modifiedConfidentialityImpact": "NONE", "modifiedIntegrityImpact": "NONE", "modifiedPrivilegesRequired": "NONE", "modifiedScope": "UNCHANGED", "modifiedUserInteraction": "REQUIRED", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 5.5, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-369", "description": "Divide By Zero (CWE-369)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe", "dateUpdated": "2026-04-14T19:44:58.971Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://helpx.adobe.com/security/products/bridge/apsb26-39.html"}], "source": {"discovery": "EXTERNAL"}, "title": "Bridge | Divide By Zero (CWE-369)"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-15T17:38:19.845585Z", "id": "CVE-2026-27222", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-15T17:39:30.343Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-27222", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-15T17:38:19.845585Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-15T17:38:26.722Z"}}], "cna": {"title": "Bridge | Divide By Zero (CWE-369)", "source": {"discovery": "EXTERNAL"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "modifiedScope": "UNCHANGED", "temporalScore": 5.5, "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "temporalSeverity": "MEDIUM", "availabilityImpact": "HIGH", "environmentalScore": 5.5, "privilegesRequired": "NONE", "exploitCodeMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "LOCAL", "confidentialityImpact": "NONE", "environmentalSeverity": "MEDIUM", "availabilityRequirement": "NOT_DEFINED", "modifiedIntegrityImpact": "NONE", "modifiedUserInteraction": "REQUIRED", "modifiedAttackComplexity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAvailabilityImpact": "HIGH", "modifiedPrivilegesRequired": "NONE", "modifiedConfidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Adobe", "product": "Bridge", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "15.1.4"}], "defaultStatus": "affected"}], "datePublic": "2026-04-14T17:00:00.000Z", "references": [{"url": "https://helpx.adobe.com/security/products/bridge/apsb26-39.html", "tags": ["vendor-advisory"]}], "descriptions": [{"lang": "en", "value": "Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Divide By Zero vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application or render it unresponsive. Exploitation of this issue requires user interaction in that a victim must open a malicious file."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-369", "description": "Divide By Zero (CWE-369)"}]}], "providerMetadata": {"orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe", "dateUpdated": "2026-04-14T19:44:58.971Z"}}}, "cveMetadata": {"cveId": "CVE-2026-27222", "state": "PUBLISHED", "dateUpdated": "2026-04-15T17:39:30.343Z", "dateReserved": "2026-02-18T22:02:41.380Z", "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "datePublished": "2026-04-14T19:44:58.971Z", "assignerShortName": "adobe"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adobe:bridge:*:*:*:*:*:*:*:*", "matchCriteriaId": "8B4FBE0D-49AE-47B0-9A02-CF772B606C89", "versionEndExcluding": "15.1.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:bridge:*:*:*:*:*:*:*:*", "matchCriteriaId": "AA94FD4C-CD52-43BC-9DD6-C688A783A5F9", "versionEndExcluding": "16.0.3", "versionStartIncluding": "16.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Divide By Zero vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application or render it unresponsive. Exploitation of this issue requires user interaction in that a victim must open a malicious file."}], "id": "CVE-2026-27222", "lastModified": "2026-04-15T19:59:51.137", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "psirt@adobe.com", "type": "Primary"}]}, "published": "2026-04-14T20:16:32.927", "references": [{"source": "psirt@adobe.com", "tags": ["Vendor Advisory"], "url": "https://helpx.adobe.com/security/products/bridge/apsb26-39.html"}], "sourceIdentifier": "psirt@adobe.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-369"}], "source": "psirt@adobe.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,15.1.4]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Bridge", "source": "cna", "vendor": "Adobe"}, "product": "bridge", "vendor": "adobe"}], "analysis": {"en": {"generated_at": "2026-04-14T21:33:28.026433+00:00", "value": {"mitigation_remediation": ["Update Adobe Bridge to the latest version released by Adobe, ensuring the new build is not affected by the divide\u2011by\u2011zero issue.", "Verify installations and remove any legacy Bridge versions that remain.", "Exercise caution when opening files from untrusted sources, and avoid executing unknown or suspicious files."], "summary": {"action": "Patch", "impact": "Denial\u2011of\u2011Service"}, "threat_synthesis": {"affected_systems": "Adobe Bridge installations on any platform that use version 16.0.2, 15.1.4 or earlier are affected. This includes all builds distributed before the defined fixed releases. Users who have not upgraded beyond these versions are susceptible to the divide\u2011by\u2011zero issue.", "description_and_impact": "The vulnerability is a divide\u2011by\u2011zero flaw that exists in Adobe Bridge versions 16.0.2, 15.1.4 and all earlier releases. When a crafted file that triggers the error is opened by the application, the runtime exception causes the Bridge process to crash or become unresponsive, resulting in a denial\u2011of\u2011service condition for the user. The flaw does not directly expose data or allow arbitrary code execution.", "risk_and_exploitability": "The CVSS base score of 5.5 indicates a moderate severity. Exploitation requires a malicious file and user interaction to open the file, so the attack vector is user\u2011initiated. No EPSS score is publicly available and the vulnerability is not listed in the CISA KEV catalog, but because the failure interrupts legitimate use, environments that frequently process external Bridge files face a moderate operational risk."}}}}, "created": "2026-04-15T14:28:41.002496+00:00", "updated": "2026-04-15T14:41:09.772531+00:00", "vendors": ["adobe", "adobe$PRODUCT$bridge"]}