Skip to main content

Adobe Animate 2023

6 CVEs product

Monthly

CVE-2026-48346 HIGH This Week

Arbitrary code execution in Adobe Animate 2023 and 2024 arises from an untrusted search path (CWE-426) flaw that lets a malicious file, when opened by a victim, load attacker-controlled code in the context of the current user. The issue was reported by Adobe (advisory APSB26-83), requires user interaction, and carries a CVSS 3.1 base score of 7.9 with a changed scope. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

RCE Adobe Animate 2023 Adobe Animate 2024
NVD
CVSS 3.1
7.9
EPSS
0.2%
CVE-2026-48345 HIGH This Week

Arbitrary code execution in Adobe Animate 2023 and 2024 allows an attacker to run commands in the context of the current user via an OS command injection flaw (CWE-78) triggered when a victim opens a maliciously crafted file. The scope-changed CVSS 3.1 score of 8.2 reflects that successful exploitation can affect resources beyond the vulnerable application. There is no public exploit identified at time of analysis, and the issue is not listed in CISA KEV; the primary risk gate is social-engineering the victim into opening a hostile document.

RCE Command Injection Adobe Animate 2023 Adobe Animate 2024
NVD
CVSS 3.1
8.2
EPSS
0.9%
CVE-2026-48347 HIGH This Week

Arbitrary code execution in Adobe Animate 2023 and 2024 allows an attacker to run OS commands in the context of the current user when a victim opens a maliciously crafted file. The flaw is an OS command injection (CWE-78) with no public exploit identified at time of analysis and no active exploitation reported in CISA KEV; risk hinges on social-engineering a user into opening the file. Adobe published fixes in advisory APSB26-83.

RCE Command Injection Adobe Animate 2023 Adobe Animate 2024
NVD
CVSS 3.1
7.7
EPSS
0.7%
CVE-2026-48349 HIGH This Week

Arbitrary code execution in Adobe Animate 2023 and 2024 stems from an incorrect authorization (CWE-863) weakness that lets code run in the context of the current user. Adobe reported the flaw via advisory APSB26-83 with a CVSS 8.1 rating; exploitation requires no user interaction but depends on conditions outside the attacker's control (reflected in high attack complexity). There is no public exploit identified at time of analysis, and the CVE is not listed in CISA KEV.

Authentication Bypass RCE Adobe Animate 2023 Adobe Animate 2024
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2026-48348 HIGH This Week

Arbitrary code execution in Adobe Animate 2023 and 2024 arises from an Incorrect Authorization flaw (CWE-863) that lets a maliciously crafted file run code in the context of the current user. Exploitation requires the victim to open the attacker-supplied file and depends on conditions beyond the attacker's control, and there is no public exploit identified at time of analysis. Adobe self-reported the issue and published fixes in advisory APSB26-83.

Authentication Bypass RCE Adobe Animate 2023 Adobe Animate 2024
NVD
CVSS 3.1
7.7
EPSS
0.2%
CVE-2026-48350 HIGH This Week

Arbitrary code execution in Adobe Animate 2023 and 2024 stems from a path traversal weakness triggered when a victim opens a maliciously crafted file, letting an attacker run code in the context of the current user and reach files or directories outside intended restrictions. The flaw carries a CVSS 3.1 base score of 8.6 with a changed scope, reflecting impact beyond the initially vulnerable component. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, so exploitation risk hinges on social-engineering a user into opening a rogue project file.

Path Traversal RCE Adobe Animate 2023 Adobe Animate 2024
NVD
CVSS 3.1
8.6
EPSS
0.2%
EPSS 0% CVSS 7.9
HIGH This Week

Arbitrary code execution in Adobe Animate 2023 and 2024 arises from an untrusted search path (CWE-426) flaw that lets a malicious file, when opened by a victim, load attacker-controlled code in the context of the current user. The issue was reported by Adobe (advisory APSB26-83), requires user interaction, and carries a CVSS 3.1 base score of 7.9 with a changed scope. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

RCE Adobe Animate 2023 Adobe Animate 2024
NVD
EPSS 1% CVSS 8.2
HIGH This Week

Arbitrary code execution in Adobe Animate 2023 and 2024 allows an attacker to run commands in the context of the current user via an OS command injection flaw (CWE-78) triggered when a victim opens a maliciously crafted file. The scope-changed CVSS 3.1 score of 8.2 reflects that successful exploitation can affect resources beyond the vulnerable application. There is no public exploit identified at time of analysis, and the issue is not listed in CISA KEV; the primary risk gate is social-engineering the victim into opening a hostile document.

RCE Command Injection Adobe Animate 2023 +1
NVD
EPSS 1% CVSS 7.7
HIGH This Week

Arbitrary code execution in Adobe Animate 2023 and 2024 allows an attacker to run OS commands in the context of the current user when a victim opens a maliciously crafted file. The flaw is an OS command injection (CWE-78) with no public exploit identified at time of analysis and no active exploitation reported in CISA KEV; risk hinges on social-engineering a user into opening the file. Adobe published fixes in advisory APSB26-83.

RCE Command Injection Adobe Animate 2023 +1
NVD
EPSS 0% CVSS 8.1
HIGH This Week

Arbitrary code execution in Adobe Animate 2023 and 2024 stems from an incorrect authorization (CWE-863) weakness that lets code run in the context of the current user. Adobe reported the flaw via advisory APSB26-83 with a CVSS 8.1 rating; exploitation requires no user interaction but depends on conditions outside the attacker's control (reflected in high attack complexity). There is no public exploit identified at time of analysis, and the CVE is not listed in CISA KEV.

Authentication Bypass RCE Adobe Animate 2023 +1
NVD
EPSS 0% CVSS 7.7
HIGH This Week

Arbitrary code execution in Adobe Animate 2023 and 2024 arises from an Incorrect Authorization flaw (CWE-863) that lets a maliciously crafted file run code in the context of the current user. Exploitation requires the victim to open the attacker-supplied file and depends on conditions beyond the attacker's control, and there is no public exploit identified at time of analysis. Adobe self-reported the issue and published fixes in advisory APSB26-83.

Authentication Bypass RCE Adobe Animate 2023 +1
NVD
EPSS 0% CVSS 8.6
HIGH This Week

Arbitrary code execution in Adobe Animate 2023 and 2024 stems from a path traversal weakness triggered when a victim opens a maliciously crafted file, letting an attacker run code in the context of the current user and reach files or directories outside intended restrictions. The flaw carries a CVSS 3.1 base score of 8.6 with a changed scope, reflecting impact beyond the initially vulnerable component. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, so exploitation risk hinges on social-engineering a user into opening a rogue project file.

Path Traversal RCE Adobe Animate 2023 +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy