EUVD-2026-22671
GHSA-577g-xxrf-8j42
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
Lifecycle Timeline
1DescriptionNVD
Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed.
AnalysisAI
Arbitrary code execution affects Adobe Connect through version 12.10 and 2025.3 via deserialization of untrusted data. Remote attackers can execute code in the victim's security context without authentication but require user interaction (UI:R), with scope change enabling cross-boundary impacts. …
Sign in for full analysis, threat intelligence, and remediation guidance.
RemediationAI
Within 24 hours: Identify all Adobe Connect instances in your environment and document current versions; immediately review Adobe security bulletin APSB26-37 for interim mitigation guidance. Within 7 days: Implement network-level access controls to restrict Adobe Connect exposure and apply any available security patches released by Adobe as alternatives to vulnerable versions. …
Sign in for detailed remediation steps.
Share
External POC / Exploit Code
Leaving vuln.today