CVE 9.3 CRITICAL

Adobe Connect | Cross-site Scripting (DOM-based XSS) (CWE-79)_CVE-2026-27246

April 14, 2026 invoker category_cve

9.3 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

Description

Adobe Connect versions 2025.3, 12.10 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage. Scope is changed.

AI Analysis

DOM-based Cross-Site Scripting (XSS) vulnerability in Adobe Connect

Basic Information

ID CVE-2026-27246

Source adobe

Published Apr 14, 2026 at 17:33

Modified Apr 14, 2026 at 17:55

Affected Product

Vendor Adobe

Product Adobe Connect

Affected Versions Adobe Adobe Connect 0

CWE Classification

CWE-79

AI Assessment

AI Score 9.3 / 10

AI Severity Critical

Vendor Adobe

Product Adobe Connect

Version 2025.3, 12.10 and earlier

References

helpx.adobe.com /security/products/connect/apsb26-37.html

{
    "lastseen": "",
    "description": "Adobe Connect versions 2025.3, 12.10 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage. Scope is changed.",
    "published": "2026-04-14T17:33:47.834Z",
    "modified": "2026-04-14T17:55:44.469Z",
    "type": "cve",
    "title": "Adobe Connect | Cross-site Scripting (DOM-based XSS) (CWE-79)",
    "source": "adobe",
    "references": "https://helpx.adobe.com/security/products/connect/apsb26-37.html",
    "id": "CVE-2026-27246",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "Adobe Adobe Connect 0",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Adobe Connect",
    "version": "0",
    "vendor": "Adobe",
    "ai_description": "DOM-based Cross-Site Scripting (XSS) vulnerability in Adobe Connect",
    "ai_severity": "Critical",
    "ai_vendor": "Adobe",
    "ai_product": "Adobe Connect",
    "ai_version": "2025.3, 12.10 and earlier",
    "ai_score": 9.3
}

💭 Join the Security Discussion ❌ Cancel Reply