Severity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
Network XXE needing a low-privilege account (PR:L) and no interaction; primary impact is sensitive file read (C:H) with scope change to internal systems (S:C) and only limited integrity effect.
Primary rating from Vendor (adobe).
CVSS VectorVendor: adobe
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
Lifecycle Timeline
2DescriptionCVE.org
Adobe Experience Manager is affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution in the context of the current user. A low-privileged attacker could exploit this vulnerability to read sensitive files, potentially gaining elevated access or control over the victim's account or session. Exploitation of this issue does not require user interaction. Scope is changed.
Articles & Coverage 1
AnalysisAI
Sensitive file disclosure and potential account takeover in Adobe Experience Manager (AEM as a Cloud Service, 6.5, and 6.5 LTS) arises from unsafe XML External Entity (XXE) processing that Adobe classifies as leading to arbitrary code execution in the current user's context. A low-privileged, authenticated attacker (PR:L) can trigger the flaw remotely over the network with no user interaction, reading protected files and pivoting to elevated access or session control. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the attacker to reach an AEM endpoint that parses attacker-supplied XML and to hold at least a low-privileged authenticated account (CVSS PR:L) - it is not anonymous/unauthenticated. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The signals point to a genuine high priority. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who has obtained a low-privileged AEM account (for example a limited author or a self-registered/leaked credential) submits a crafted XML document - such as a content package, form, or web service request - containing a malicious external entity to a vulnerable parsing endpoint. The server resolves the entity, returning the contents of sensitive local files (credentials, keystores, configuration) to the attacker, who then leverages that data to escalate privileges or hijack the victim's session. … |
| Remediation | Apply the fixes described in Adobe Security Bulletin APSB26-74 (https://helpx.adobe.com/security/products/experience-manager/apsb26-74.html) - Patch available per vendor advisory; the exact fixed build for AEM 6.5 / 6.5 LTS should be pulled from that bulletin as the input did not include a specific version string, and AEM as a Cloud Service updates are delivered by Adobe on the managed release train, so ensure your cloud environment is on the current release. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Inventory all AEM deployments by version and access tier; restrict network access to AEM consoles to defined IP ranges and multi-factor authentication; implement enhanced logging on XML file operations and authentication events. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Server-Side Request Forgery in Adobe Experience Manager (AEM as a Cloud Service, 6.5 LTS, and 6.5) lets a low-privileged
Arbitrary file system read in Adobe Experience Manager (AEM as a Cloud Service, 6.5 LTS, and 6.5) lets remote unauthenti
Missing authentication in Adobe Experience Manager (AEM as a Cloud Service, 6.5, and 6.5 LTS) lets a remote unauthentica
Adobe Experience Manager is affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-
Adobe Experience Manager is affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-
Adobe Experience Manager is affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit
Adobe Experience Manager is affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit
Adobe Experience Manager is affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit
Adobe Experience Manager is affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit
Adobe Experience Manager is affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit
Adobe Experience Manager is affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit
Adobe Experience Manager is affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-44386
GHSA-5p7j-5g9r-9wjx