CVE-2026-21267

CWE-78 — OS Command Injection4 documents4 sources

Severity

8.6HIGH

EPSS

0.0%

top 89.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Dreamweaver Adobe Dreamweaver Desktop

Timeline

PublishedJan 13

Description

Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an attacker. Exploitation of this issue requires user interaction in that a victim must open a malicious file and scope is changed.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:HExploitability: 1.8 | Impact: 6.0

Affected Packages2 packages

▶CVEListV5adobe/dreamweaver_desktop21.6

▶NVDadobe/dreamweaver< 21.7

🔴Vulnerability Details

GHSA

GHSA-5qvq-c496-46j2: Dreamweaver Desktop versions 21↗2026-01-13

▶

CVEList

Dreamweaver Desktop | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)↗2026-01-13

▶

🕵️Threat Intelligence

Wiz

CVE-2026-21267 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶