What is the CVSS score of CVE-2026-27243?

CVE-2026-27243 has a CVSS 3.1 base score of 9.3 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N. EPSS exploitation probability: 0.1%.

Which versions of Adobe Connect are affected by CVE-2026-27243?

Adobe Connect versions 12.10 and earlier contain a critical reflected cross-site scripting (XSS) vulnerability (CVSS 9.3) that allows unauthenticated attackers to execute arbitrary JavaScript in user…

Adobe Connect CVE-2026-27243

EUVD-2026-22661 CRITICAL

Cross-site Scripting (XSS) (CWE-79)

2026-04-14 adobe

GHSA-fm65-7j3c-jcv3

XSS Adobe

9.3

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

High

Availability

None

Lifecycle Timeline

Analysis Updated

Apr 28, 2026 - 03:30 vuln.today

v2 (cvss_changed)

Re-analysis Queued

Apr 22, 2026 - 19:37 vuln.today

cvss_changed

Analysis Generated

Apr 14, 2026 - 19:38 vuln.today

EUVD ID Assigned

Apr 14, 2026 - 18:01 euvd

EUVD-2026-22661

Analysis Generated

Apr 14, 2026 - 18:01 vuln.today

CVE Published

Apr 14, 2026 - 17:33 nvd

CRITICAL 9.3

DescriptionNVD

Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Scope is changed.

AnalysisAI

Reflected XSS in Adobe Connect versions 12.10 and earlier enables attackers to execute malicious JavaScript in victim browsers through crafted URLs. The changed scope (S:C) in the CVSS vector indicates the vulnerability can affect resources beyond the vulnerable component, elevating the severity to 9.3 despite being 'just' XSS. …

RemediationAI

Within 24 hours: Inventory all Adobe Connect deployments and identify which are internet-accessible; notify users of the vulnerability and advise against clicking unknown links to Connect instances. Within 7 days: Upgrade Adobe Connect to version 12.11 or later (when released by vendor); if unavailable, implement network-level access restrictions (WAF rules, IP allowlisting, or VPN-only access) to limit exposure surface. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-27243 vulnerability details – vuln.today

Back