Severity by source
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Remote unauthenticated file read needing no interaction (AV:N/AC:L/PR:N/UI:N); reads escape the component's scope (S:C) disclosing sensitive files (C:H) with no integrity or availability impact.
Primary rating from Vendor (adobe).
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Lifecycle Timeline
2DescriptionNVD
Adobe Experience Manager is affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issue does not require user interaction. Scope is changed.
AnalysisAI
Arbitrary file system read in Adobe Experience Manager (AEM as a Cloud Service, 6.5 LTS, and 6.5) lets remote unauthenticated attackers traverse outside the intended directory scope to retrieve sensitive files, per Adobe advisory APSB26-74. The CVSS 3.1 score of 8.6 is elevated by a changed scope (S:C), meaning the read reaches resources beyond the vulnerable component's security authority. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | No special conditions beyond network reachability - remote unauthenticated exploitation (PR:N/UI:N/AC:L) against an exposed Adobe Experience Manager HTTP endpoint, requiring a crafted request path that supplies traversal input to reach files outside the intended directory. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS vector (AV:N/AC:L/PR:N/UI:N) describes a network-reachable, low-complexity, unauthenticated attack with no user interaction, which is a genuinely dangerous profile, and the changed scope plus high confidentiality impact (S:C/C:H) justify the 8.6 rating for an information-disclosure-only issue (I:N/A:N). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An unauthenticated attacker sends a crafted HTTP request to an internet-facing AEM instance in which a path parameter embeds directory-traversal sequences, causing the server to resolve and return a file outside the intended content directory. The attacker retrieves sensitive artifacts such as configuration files, credentials, or private content, then uses that data to deepen the compromise. … |
| Remediation | Patch available per vendor advisory (Adobe APSB26-74): apply the fixed Service Pack/hotfix for your AEM channel - the managed AEM as a Cloud Service should receive the fix through Adobe's release pipeline, while AEM 6.5 and 6.5 LTS require installing the corresponding Adobe-published Service Pack; the exact fixed version is not stated in the available data, so confirm it against https://helpx.adobe.com/security/products/experience-manager/apsb26-74.html. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours, enumerate all AEM instances and confirm affected versions (6.5 LTS, 6.5, Cloud Service), review access logs for exploitation indicators, and implement Web Application Firewall rules to block directory traversal patterns. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Server-Side Request Forgery in Adobe Experience Manager (AEM as a Cloud Service, 6.5 LTS, and 6.5) lets a low-privileged
Sensitive file disclosure and potential account takeover in Adobe Experience Manager (AEM as a Cloud Service, 6.5, and 6
Missing authentication in Adobe Experience Manager (AEM as a Cloud Service, 6.5, and 6.5 LTS) lets a remote unauthentica
Adobe Experience Manager is affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-
Adobe Experience Manager is affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit
Adobe Experience Manager is affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit
Adobe Experience Manager is affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-
Adobe Experience Manager is affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit
Adobe Experience Manager is affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit
Adobe Experience Manager is affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit
Adobe Experience Manager is affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit
Adobe Experience Manager is affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-44388
GHSA-qq67-g2p8-3v54