CVE-2026-27246

Adobe Connect versions 2025.3, 12.10 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage. Scope is changed.

CVSS v3 9.3 CRITICAL

9.3^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 2.8 / Impact : 5.8

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://helpx.adobe.com/security/products/connect/apsb26-37.html	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:adobe:connect:*:*:*:*:*:-:*:*

OR	cpe:2.3:o:apple:macos:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:adobe:connect_desktop_application::::::macos::*
	cpe:2.3:a:adobe:connect_desktop_application::::::windows::*

History

22 Apr 2026, 19:35

Type	Values Removed	Values Added
First Time		Adobe connect Adobe Microsoft windows Adobe connect Desktop Application Microsoft Apple macos Apple
References	~~() https://helpx.adobe.com/security/products/connect/apsb26-37.html -~~	() https://helpx.adobe.com/security/products/connect/apsb26-37.html - Vendor Advisory
CPE		cpe:2.3:o:microsoft:windows:-:::::::* cpe:2.3:a:adobe:connect::::::-::* cpe:2.3:a:adobe:connect_desktop_application::::::windows::* cpe:2.3:a:adobe:connect_desktop_application::::::macos::* cpe:2.3:o:apple:macos:-:::::::*

14 Apr 2026, 18:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-04-14 18:16

Updated : 2026-04-22 19:35

NVD link : CVE-2026-27246

Mitre link : CVE-2026-27246

CVE.ORG link : CVE-2026-27246

JSON object : View

Products Affected

adobe

connect_desktop_application
connect

microsoft

windows

apple

macos

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2026-27246", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@adobe.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.3, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.8, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2026-04-14T18:16:56.050", "references": [{"url": "https://helpx.adobe.com/security/products/connect/apsb26-37.html", "tags": ["Vendor Advisory"], "source": "psirt@adobe.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "psirt@adobe.com", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Adobe Connect versions 2025.3, 12.10 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage. Scope is changed."}], "lastModified": "2026-04-22T19:35:59.880", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:adobe:connect:*:*:*:*:*:-:*:*", "vulnerable": true, "matchCriteriaId": "4A1D88E9-612C-49B1-8521-F2258D4D74CA", "versionEndExcluding": "12.11"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:adobe:connect_desktop_application:*:*:*:*:*:macos:*:*", "vulnerable": true, "matchCriteriaId": "185BF6E9-82FC-45E0-A64E-03FB923F34AD", "versionEndIncluding": "2025.3"}, {"criteria": "cpe:2.3:a:adobe:connect_desktop_application:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "783AAAA9-E68B-43E3-86A3-5227E27392A5", "versionEndExcluding": "2025.9.15"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@adobe.com"}