Skip to main content

Dreamweaver

13 CVEs product

Monthly

CVE-2026-21274 HIGH This Week

Arbitrary code execution in Adobe Dreamweaver 21.6 and earlier stems from an incorrect authorization flaw that allows attackers to bypass security controls when a user opens a malicious file. An attacker can execute code with the privileges of the current user, potentially compromising the system. No patch is currently available for this vulnerability.

Authentication Bypass RCE Dreamweaver
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21272 HIGH This Week

Dreamweaver Desktop versions 21.6 and earlier suffer from improper input validation that enables arbitrary file writes when a user opens a malicious file. An attacker can exploit this to manipulate or inject malicious content into the victim's file system with broad impact across confidentiality, integrity, and availability. No patch is currently available.

Code Injection Dreamweaver
NVD
CVSS 3.1
8.6
EPSS
0.0%
CVE-2026-21271 HIGH This Week

Arbitrary code execution in Adobe Dreamweaver versions 21.6 and earlier allows local attackers to execute commands with user privileges by delivering malicious files that bypass input validation. Successful exploitation requires social engineering to convince a user to open a crafted file, with impact extending beyond the application context. No patch is currently available for this high-severity vulnerability.

RCE Code Injection Dreamweaver
NVD
CVSS 3.1
8.6
EPSS
0.1%
CVE-2026-21268 HIGH This Week

Improper input validation in Adobe Dreamweaver 21.6 and earlier allows arbitrary code execution with user privileges through a malicious file. An attacker can exploit this vulnerability by tricking a user into opening a crafted file, with no special privileges required. A patch is currently unavailable, making this a significant risk for affected Dreamweaver users.

RCE Code Injection Dreamweaver
NVD
CVSS 3.1
8.6
EPSS
0.1%
CVE-2026-21267 HIGH This Week

Arbitrary code execution in Adobe Dreamweaver 21.6 and earlier via OS command injection allows attackers to execute arbitrary commands on affected systems when a victim opens a malicious file. The vulnerability requires local access and user interaction but impacts all confidentiality, integrity, and availability of the system. No patch is currently available.

Command Injection Dreamweaver
NVD
CVSS 3.1
8.6
EPSS
0.0%
CVE-2025-54256 HIGH This Month

Dreamweaver Desktop versions 21.5 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE CSRF Dreamweaver
NVD
CVSS 3.1
8.6
EPSS
0.0%
CVE-2025-30310 HIGH This Week

Dreamweaver Desktop versions 21.4 and earlier are affected by an Access of Resource Using Incompatible Type ('Type Confusion') vulnerability that could result in arbitrary code execution in the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Dreamweaver
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-30314 HIGH This Week

Dreamweaver Desktop versions 21.3 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Dreamweaver
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2021-21055 MEDIUM This Month

Adobe Dreamweaver versions 21.0 (and earlier) and 20.2 (and earlier) is affected by an untrusted search path vulnerability that could result in information disclosure. Rated medium severity (CVSS 6.2). No vendor patch available.

Information Disclosure Adobe Dreamweaver
NVD
CVSS 3.1
6.2
EPSS
0.8%
CVE-2020-24425 HIGH PATCH This Week

Dreamweaver version 20.2 (and earlier) is affected by an uncontrolled search path element vulnerability that could lead to privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Dreamweaver
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2019-7956 HIGH This Week

Adobe Dreamweaver direct download installer versions 19.0 and below, 18.0 and below have an Insecure Library Loading (DLL hijacking) vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Adobe Dreamweaver
NVD
CVSS 3.0
7.8
EPSS
3.3%
CVE-2019-7097 HIGH This Week

Adobe Dreamweaver versions 19.0 and earlier have an insecure protocol implementation vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Adobe Dreamweaver
NVD
CVSS 3.0
7.5
EPSS
3.6%
CVE-2018-4924 CRITICAL Act Now

Adobe Dreamweaver CC versions 18.0 and earlier have an OS Command Injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe RCE Command Injection Dreamweaver
NVD
CVSS 3.0
9.8
EPSS
14.5%
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe Dreamweaver 21.6 and earlier stems from an incorrect authorization flaw that allows attackers to bypass security controls when a user opens a malicious file. An attacker can execute code with the privileges of the current user, potentially compromising the system. No patch is currently available for this vulnerability.

Authentication Bypass RCE Dreamweaver
NVD
EPSS 0% CVSS 8.6
HIGH This Week

Dreamweaver Desktop versions 21.6 and earlier suffer from improper input validation that enables arbitrary file writes when a user opens a malicious file. An attacker can exploit this to manipulate or inject malicious content into the victim's file system with broad impact across confidentiality, integrity, and availability. No patch is currently available.

Code Injection Dreamweaver
NVD
EPSS 0% CVSS 8.6
HIGH This Week

Arbitrary code execution in Adobe Dreamweaver versions 21.6 and earlier allows local attackers to execute commands with user privileges by delivering malicious files that bypass input validation. Successful exploitation requires social engineering to convince a user to open a crafted file, with impact extending beyond the application context. No patch is currently available for this high-severity vulnerability.

RCE Code Injection Dreamweaver
NVD
EPSS 0% CVSS 8.6
HIGH This Week

Improper input validation in Adobe Dreamweaver 21.6 and earlier allows arbitrary code execution with user privileges through a malicious file. An attacker can exploit this vulnerability by tricking a user into opening a crafted file, with no special privileges required. A patch is currently unavailable, making this a significant risk for affected Dreamweaver users.

RCE Code Injection Dreamweaver
NVD
EPSS 0% CVSS 8.6
HIGH This Week

Arbitrary code execution in Adobe Dreamweaver 21.6 and earlier via OS command injection allows attackers to execute arbitrary commands on affected systems when a victim opens a malicious file. The vulnerability requires local access and user interaction but impacts all confidentiality, integrity, and availability of the system. No patch is currently available.

Command Injection Dreamweaver
NVD
EPSS 0% CVSS 8.6
HIGH This Month

Dreamweaver Desktop versions 21.5 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE CSRF Dreamweaver
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Dreamweaver Desktop versions 21.4 and earlier are affected by an Access of Resource Using Incompatible Type ('Type Confusion') vulnerability that could result in arbitrary code execution in the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Dreamweaver
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Dreamweaver Desktop versions 21.3 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Dreamweaver
NVD
EPSS 1% CVSS 6.2
MEDIUM This Month

Adobe Dreamweaver versions 21.0 (and earlier) and 20.2 (and earlier) is affected by an untrusted search path vulnerability that could result in information disclosure. Rated medium severity (CVSS 6.2). No vendor patch available.

Information Disclosure Adobe Dreamweaver
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Dreamweaver version 20.2 (and earlier) is affected by an uncontrolled search path element vulnerability that could lead to privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Dreamweaver
NVD
EPSS 3% CVSS 7.8
HIGH This Week

Adobe Dreamweaver direct download installer versions 19.0 and below, 18.0 and below have an Insecure Library Loading (DLL hijacking) vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Adobe Dreamweaver
NVD
EPSS 4% CVSS 7.5
HIGH This Week

Adobe Dreamweaver versions 19.0 and earlier have an insecure protocol implementation vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Adobe Dreamweaver
NVD
EPSS 14% CVSS 9.8
CRITICAL Act Now

Adobe Dreamweaver CC versions 18.0 and earlier have an OS Command Injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe RCE Command Injection +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy