Skip to main content

Dreamweaver Desktop

5 CVEs product

Monthly

CVE-2026-47909 MEDIUM This Month

Arbitrary file system read in Adobe Dreamweaver Desktop 21.7 and earlier allows a local attacker to access sensitive files and directories outside the application's intended access scope by convincing a victim to open a specially crafted malicious file. The changed scope (S:C) in the CVSS vector confirms the impact extends beyond Dreamweaver's own security context - read access can reach OS-level files, credentials, or configuration data. No public exploit has been identified and this vulnerability is not listed in CISA KEV, placing it in a targeted rather than opportunistic threat profile.

Information Disclosure Dreamweaver Desktop
NVD
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-47910 MEDIUM This Month

Incorrect Authorization in Adobe Dreamweaver Desktop 21.7 and earlier enables arbitrary file system reads beyond the application's intended access scope when a victim opens a specially crafted malicious file. The vulnerability (CWE-863) results in a scope change - meaning access to files outside the component's normal boundary is achieved - with high confidentiality impact and no integrity or availability loss. No public exploit code has been identified and this CVE does not appear in the CISA KEV catalog at time of analysis, but the high confidentiality impact and low attack complexity make it a meaningful risk for environments where users routinely open externally sourced project files.

Authentication Bypass Dreamweaver Desktop
NVD
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-47907 HIGH This Week

Arbitrary file system read in Adobe Dreamweaver Desktop versions 21.7 and earlier allows attackers to access sensitive files outside the intended scope when a victim opens a crafted malicious file. The flaw stems from improper access control (CWE-284) and carries a CVSS 3.1 base score of 8.6 due to scope change, but no public exploit identified at time of analysis and EPSS is only 0.03% (8th percentile).

Authentication Bypass Dreamweaver Desktop
NVD VulDB
CVSS 3.1
8.6
EPSS
0.0%
CVE-2026-47906 HIGH This Week

Arbitrary code execution in Adobe Dreamweaver Desktop 21.7 and earlier stems from a vulnerable third-party component bundled with the application, allowing an attacker to run code in the context of the user who opens a malicious file. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV, but the changed-scope CVSS of 8.6 reflects the potential for the embedded component flaw to break out of Dreamweaver's security boundary.

RCE Dreamweaver Desktop
NVD
CVSS 3.1
8.6
EPSS
0.0%
CVE-2026-47908 HIGH This Week

Arbitrary code execution in Adobe Dreamweaver Desktop versions 21.7 and earlier allows attackers to run code in the context of the current user when a victim opens a malicious file. The flaw stems from access of an uninitialized pointer (CWE-824) and is tracked under Adobe advisory APSB26-62. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

Memory Corruption RCE Dreamweaver Desktop
NVD
CVSS 3.1
7.8
EPSS
0.0%
EPSS 0% CVSS 6.3
MEDIUM This Month

Arbitrary file system read in Adobe Dreamweaver Desktop 21.7 and earlier allows a local attacker to access sensitive files and directories outside the application's intended access scope by convincing a victim to open a specially crafted malicious file. The changed scope (S:C) in the CVSS vector confirms the impact extends beyond Dreamweaver's own security context - read access can reach OS-level files, credentials, or configuration data. No public exploit has been identified and this vulnerability is not listed in CISA KEV, placing it in a targeted rather than opportunistic threat profile.

Information Disclosure Dreamweaver Desktop
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

Incorrect Authorization in Adobe Dreamweaver Desktop 21.7 and earlier enables arbitrary file system reads beyond the application's intended access scope when a victim opens a specially crafted malicious file. The vulnerability (CWE-863) results in a scope change - meaning access to files outside the component's normal boundary is achieved - with high confidentiality impact and no integrity or availability loss. No public exploit code has been identified and this CVE does not appear in the CISA KEV catalog at time of analysis, but the high confidentiality impact and low attack complexity make it a meaningful risk for environments where users routinely open externally sourced project files.

Authentication Bypass Dreamweaver Desktop
NVD
EPSS 0% CVSS 8.6
HIGH This Week

Arbitrary file system read in Adobe Dreamweaver Desktop versions 21.7 and earlier allows attackers to access sensitive files outside the intended scope when a victim opens a crafted malicious file. The flaw stems from improper access control (CWE-284) and carries a CVSS 3.1 base score of 8.6 due to scope change, but no public exploit identified at time of analysis and EPSS is only 0.03% (8th percentile).

Authentication Bypass Dreamweaver Desktop
NVD VulDB
EPSS 0% CVSS 8.6
HIGH This Week

Arbitrary code execution in Adobe Dreamweaver Desktop 21.7 and earlier stems from a vulnerable third-party component bundled with the application, allowing an attacker to run code in the context of the user who opens a malicious file. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV, but the changed-scope CVSS of 8.6 reflects the potential for the embedded component flaw to break out of Dreamweaver's security boundary.

RCE Dreamweaver Desktop
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe Dreamweaver Desktop versions 21.7 and earlier allows attackers to run code in the context of the current user when a victim opens a malicious file. The flaw stems from access of an uninitialized pointer (CWE-824) and is tracked under Adobe advisory APSB26-62. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

Memory Corruption RCE Dreamweaver Desktop
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy