CVSS Vector (NVD)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
Description (NVD)
Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Scope is changed.
Analysis (AI)
Reflected XSS in Adobe Connect 12.10 and earlier enables remote attackers to execute arbitrary JavaScript in victim browsers via malicious URLs. The scope-changed CVSS designation reflects potential cross-domain impact, elevating this to critical severity (9.3). …
Remediation (AI)
Within 24 hours: inventory all Adobe Connect deployments and version numbers across the organization; notify end-users to avoid clicking unfamiliar links in emails or messages referencing Adobe Connect meetings. Within 7 days: implement email gateway controls to flag or block suspicious URLs containing Adobe Connect domains; enable browser security headers (CSP, X-Frame-Options) on Adobe Connect instances if configurable. …
EUVD-2026-22661
GHSA-fm65-7j3c-jcv3