CVE-2026-27246

| EUVD-2026-22663 CRITICAL
2026-04-14 adobe GHSA-4c2f-hvf5-4jwv
XSS Adobe
9.3
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

1
Analysis Generated
Apr 14, 2026 - 19:39 vuln.today

DescriptionNVD

Adobe Connect versions 2025.3, 12.10 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage. Scope is changed.

AnalysisAI

DOM-based Cross-Site Scripting (XSS) in Adobe Connect versions 12.10 and earlier allows unauthenticated remote attackers to execute arbitrary JavaScript in victim browsers with changed scope, enabling cross-origin attacks. Exploitation requires social engineering to lure victims to a malicious webpage. …

Sign in for full analysis, threat intelligence, and remediation guidance.

RemediationAI

Within 24 hours: Inventory all Adobe Connect deployments and versions across the organization; communicate vulnerability details to all Connect administrators. Within 7 days: Evaluate immediate upgrade feasibility to Adobe Connect 12.11 or later when available; if upgrade cannot be completed, implement compensating controls listed below and restrict Connect access to internal networks only. …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

CVE-2026-27246 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy