CVE-2026-27246Cross-site Scripting in Adobe Connect

CWE-79Cross-site Scripting4 documents4 sources
Severity
9.3CRITICALNVD
EPSS
0.1%
top 73.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Adobe Connect
Timeline
PublishedApr 14

Description

Adobe Connect versions 2025.3, 12.10 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage. Scope is changed.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:NExploitability: 2.8 | Impact: 5.8

Affected Packages1 packages

CVEListV5adobe/adobe_connect12.10

🔴Vulnerability Details

3
VulDB
Adobe Connect up to 12.10/2025.3 cross site scripting (apsb26-37)2026-04-14
GHSA
GHSA-4c2f-hvf5-4jwv: Adobe Connect versions 20252026-04-14
CVEList
Adobe Connect | Cross-site Scripting (DOM-based XSS) (CWE-79)2026-04-14
CVE-2026-27246 — Cross-site Scripting in Adobe Connect | cvebase