CVE-2026-27246
Undergoing Analysis
Published: 14 Apr 2026, 17:33
Last modified:14 Apr 2026, 17:55
Vulnerability Summary
Overall Risk (default)
high
70/100 CVSS Score
9.3 CRITICAL
v3.1 (cve.org)
EPSS Score
0.1% LOW
0% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
14 Apr 2026, 17:33
Published
Vulnerability first disclosed
14 Apr 2026, 17:55
Last Modified
Vulnerability information updated
Description
Adobe Connect versions 2025.3, 12.10 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage. Scope is changed.
CVSS Metrics
- v3.1•CRITICAL•Score: 9.3CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
EPSS Trends
Current EPSS score: 0.10%• Percentile: 27%
Techniques & Countermeasures
- CWE-79•Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Affected Systems
- adobe•adobe connect
≤ 12.10