CVE 8.6 HIGH

Dreamweaver Desktop | Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) (CWE-78)_CVE-2026-21267

January 13, 2026 invoker category_cve

8.6 / 10

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Description

Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an attacker. Exploitation of this issue requires user interaction in that a victim must open a malicious file and scope is changed.

AI Analysis

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability

Basic Information

ID CVE-2026-21267

Source adobe

Published Jan 13, 2026 at 18:25

Modified Jan 13, 2026 at 18:42

Affected Product

Vendor Adobe

Product Dreamweaver Desktop

Version 21.6 and earlier

Affected Versions Adobe Dreamweaver Desktop 0

CWE Classification

CWE-78

AI Assessment

AI Score 8.6 / 10

AI Severity High

Vendor Adobe

Product Dreamweaver Desktop

Version 21.6 and earlier

References

helpx.adobe.com /security/products/dreamweaver/apsb26-01.html

{
    "lastseen": "",
    "description": "Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an attacker. Exploitation of this issue requires user interaction in that a victim must open a malicious file and scope is changed.",
    "published": "2026-01-13T18:25:37.183Z",
    "modified": "2026-01-13T18:42:33.694Z",
    "type": "cve",
    "title": "Dreamweaver Desktop | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)",
    "source": "adobe",
    "references": "https://helpx.adobe.com/security/products/dreamweaver/apsb26-01.html",
    "id": "CVE-2026-21267",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78"
    ],
    "cvelist": null,
    "sourceData": "Adobe Dreamweaver Desktop 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.6,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Dreamweaver Desktop",
    "version": "21.6 and earlier",
    "vendor": "Adobe",
    "ai_description": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability",
    "ai_severity": "High",
    "ai_vendor": "Adobe",
    "ai_product": "Dreamweaver Desktop",
    "ai_version": "21.6 and earlier",
    "ai_score": 8.6
}

💭 Join the Security Discussion ❌ Cancel Reply