CVE-2026-27303

Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed.

CVSS v3 9.6 CRITICAL

9.6^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 2.8 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://helpx.adobe.com/security/products/connect/apsb26-37.html	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:adobe:connect:*:*:*:*:*:-:*:*

OR	cpe:2.3:o:apple:macos:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:adobe:connect_desktop_application::::::macos::*
	cpe:2.3:a:adobe:connect_desktop_application::::::windows::*

History

22 Apr 2026, 19:36

Type	Values Removed	Values Added
First Time		Adobe connect Adobe Microsoft windows Adobe connect Desktop Application Microsoft Apple macos Apple
References	~~() https://helpx.adobe.com/security/products/connect/apsb26-37.html -~~	() https://helpx.adobe.com/security/products/connect/apsb26-37.html - Vendor Advisory
CPE		cpe:2.3:o:microsoft:windows:-:::::::* cpe:2.3:a:adobe:connect::::::-::* cpe:2.3:a:adobe:connect_desktop_application::::::windows::* cpe:2.3:a:adobe:connect_desktop_application::::::macos::* cpe:2.3:o:apple:macos:-:::::::*

14 Apr 2026, 18:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-04-14 18:16

Updated : 2026-04-22 19:36

NVD link : CVE-2026-27303

Mitre link : CVE-2026-27303

CVE.ORG link : CVE-2026-27303

JSON object : View

Products Affected

adobe

connect_desktop_application
connect

microsoft

windows

apple

macos

CWE

CWE-502

Deserialization of Untrusted Data

{"id": "CVE-2026-27303", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@adobe.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.6, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 10.0, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 3.9}]}, "published": "2026-04-14T18:16:56.633", "references": [{"url": "https://helpx.adobe.com/security/products/connect/apsb26-37.html", "tags": ["Vendor Advisory"], "source": "psirt@adobe.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "psirt@adobe.com", "description": [{"lang": "en", "value": "CWE-502"}]}], "descriptions": [{"lang": "en", "value": "Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed."}], "lastModified": "2026-04-22T19:36:22.250", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:adobe:connect:*:*:*:*:*:-:*:*", "vulnerable": true, "matchCriteriaId": "4A1D88E9-612C-49B1-8521-F2258D4D74CA", "versionEndExcluding": "12.11"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:adobe:connect_desktop_application:*:*:*:*:*:macos:*:*", "vulnerable": true, "matchCriteriaId": "185BF6E9-82FC-45E0-A64E-03FB923F34AD", "versionEndIncluding": "2025.3"}, {"criteria": "cpe:2.3:a:adobe:connect_desktop_application:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "783AAAA9-E68B-43E3-86A3-5227E27392A5", "versionEndExcluding": "2025.9.15"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@adobe.com"}