adobe after-effects CVE-2026-21330 is a vulnerability in Adobe After Effects
Published on February 10, 2026

After Effects versions 25.6 and earlier are affected by an Access of Resource Using Incompatible Type ('Type Confusion') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Vendor Advisory NVD

Vulnerability Analysis

CVE-2026-21330 is exploitable with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector:
LOCAL
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
HIGH

Weakness Type

What is an Object Type Confusion Vulnerability?

The program allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

CVE-2026-21330 has been classified to as an Object Type Confusion vulnerability or weakness.


Products Associated with CVE-2026-21330

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2026-21330 are published in Adobe After Effects:

Adobe After Effects
 

Affected Versions

Adobe After Effects:

Exploit Probability

EPSS
0.01%
Percentile
0.62%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.