What is the CVSS score of CVE-2026-27246?

CVE-2026-27246 has a CVSS 3.1 base score of 9.3 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N. EPSS exploitation probability: 0.1%.

Which versions of Adobe Connect are affected by CVE-2026-27246?

Adobe Connect versions 12.10 and earlier contain a DOM-based cross-site scripting vulnerability that could allow attackers to execute malicious code in users' browsers and potentially compromise…

Adobe Connect CVE-2026-27246

EUVD-2026-22663 CRITICAL

Cross-site Scripting (XSS) (CWE-79)

2026-04-14 adobe

GHSA-4c2f-hvf5-4jwv

XSS Adobe

9.3

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

High

Availability

None

Lifecycle Timeline

Analysis Updated

Apr 28, 2026 - 03:28 vuln.today

v2 (cvss_changed)

Re-analysis Queued

Apr 22, 2026 - 19:37 vuln.today

cvss_changed

Analysis Generated

Apr 14, 2026 - 19:39 vuln.today

EUVD ID Assigned

Apr 14, 2026 - 18:01 euvd

EUVD-2026-22663

Analysis Generated

Apr 14, 2026 - 18:01 vuln.today

CVE Published

Apr 14, 2026 - 17:33 nvd

CRITICAL 9.3

DescriptionNVD

Adobe Connect versions 2025.3, 12.10 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage. Scope is changed.

AnalysisAI

DOM-based XSS in Adobe Connect 12.10 and earlier (including 2025.3) enables malicious JavaScript execution in victim browsers when users visit attacker-crafted webpages. The changed scope in CVSS vector (S:C) indicates the vulnerability can affect resources beyond the vulnerable component's security authority, potentially allowing lateral access to other Connect features or sessions. …

RemediationAI

Within 24 hours: Inventory all Adobe Connect deployments and versions currently in use; notify stakeholders of the vulnerability. Within 7 days: Apply Adobe patch APSB26-37 to all affected systems running version 12.10 or earlier, prioritizing production environments; validate patch installation. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-27246 vulnerability details – vuln.today

Back