CVE-2026-27303

Received

Published: 14 Apr 2026, 17:33

Last modified:15 Apr 2026, 03:58

Vulnerability Summary

Overall Risk (default)

high

70/100

CVSS Score

9.6 CRITICAL

v3.1 (cve.org)

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

14 Apr 2026, 17:33

Published

Vulnerability first disclosed

15 Apr 2026, 03:58

Last Modified

Vulnerability information updated

Description

Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed.

CVSS Metrics

v3.1•CRITICAL•Score: 9.6CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Techniques & Countermeasures

CWE-502•Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

Affected Systems

adobe•adobe connect
≤ 12.10

References (1)

https://helpx.adobe.com/security/products/connect/apsb26-37.html