Home / Vulnerability Intelligence / CVE-2026-27245

CVE-2026-27245 - Vulnerability Analysis

CriticalCVSS: 9.3

Last Updated: April 14, 2026

Adobe Connect - Reflected XSS

Published: April 14, 2026Updated: April 14, 2026Remote Exploitable

Overview

Adobe Connect <= 2025.3, 12.10 contains a reflected XSS caused by improper input sanitization in a vulnerable page, letting attackers execute malicious JavaScript in victim's browser, exploit requires victim to visit crafted URL.

Severity & Score

Severity: Critical

CVSS Score: 9.3

Impact

Attackers can execute malicious scripts in victim's browser, potentially stealing session data or performing actions on behalf of the user.

Mitigation

Update to the latest version beyond 2025.3 or 12.10.

References

https://helpx.adobe.com/security/products/connect/apsb26-37.html

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-27245
Severity: Critical
CVSS Score: 9.3
Type: reflected_xss
Status: new

CWE

CWE-79

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N