What is the CVSS score of CVE-2026-27245?

CVE-2026-27245 has a CVSS 3.1 base score of 9.3 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N. EPSS exploitation probability: 0.1%.

Which versions of Adobe Connect are affected by CVE-2026-27245?

Adobe Connect versions 12.10 and earlier contain a reflected cross-site scripting (XSS) vulnerability that could allow attackers to execute malicious code in user browsers and potentially access…

How to fix or mitigate CVE-2026-27245?

Within 24 hours: Inventory all Adobe Connect deployments and document current versions in use. Within 7 days: Communicate to end-users to avoid clicking suspicious links in Adobe Connect meeting invitations or emails, and educate administrators on the XSS risk vector. Within 30 days: Contact Adobe for patch availability status and timeline; in parallel, implement web application firewall (WAF) rules to detect and block reflected XSS payloads targeting Adobe Connect if feasible, and consider restricting Adobe Connect access to authenticated corporate networks only to reduce social engineering surface.

Adobe Connect CVE-2026-27245

EUVD-2026-22662 CRITICAL

Cross-site Scripting (XSS) (CWE-79)

2026-04-14 adobe

GHSA-px9p-mm95-78ww

XSS Adobe

9.3

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

High

Availability

None

Lifecycle Timeline

Analysis Updated

Apr 28, 2026 - 03:29 vuln.today

v2 (cvss_changed)

Re-analysis Queued

Apr 22, 2026 - 19:37 vuln.today

cvss_changed

Analysis Generated

Apr 14, 2026 - 19:39 vuln.today

EUVD ID Assigned

Apr 14, 2026 - 18:01 euvd

EUVD-2026-22662

Analysis Generated

Apr 14, 2026 - 18:01 vuln.today

CVE Published

Apr 14, 2026 - 17:33 nvd

CRITICAL 9.3

DescriptionNVD

Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Scope is changed.

AnalysisAI

Reflected XSS in Adobe Connect 12.10 and earlier enables attackers to execute malicious JavaScript in victim browsers through crafted URLs. The changed scope (S:C) indicates potential escape from Adobe Connect's application context to access other origins, elevating impact beyond typical reflected XSS. …

RemediationAI

Within 24 hours: Inventory all Adobe Connect deployments and document current versions in use. Within 7 days: Communicate to end-users to avoid clicking suspicious links in Adobe Connect meeting invitations or emails, and educate administrators on the XSS risk vector. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-27245 vulnerability details – vuln.today

Back