Permissions, Privileges, and Access Controls in Lightroom Classic - CVE-2021-40776
Published: October 27, 2021
Vulnerability identifier: #VU57690
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2021-40776
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Adobe
Affected software:
Lightroom Classic
Lightroom Classic
Detailed vulnerability description
The vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due to creation of temporary file in directory with incorrect permissions, which leads to security restrictions bypass and privilege escalation.
How to mitigate CVE-2021-40776
Install updates from vendor's website.