CVE-2026-27246

Adobe Connect | Cross-site Scripting (DOM-based XSS) (CWE-79)

Description

Adobe Connect versions 2025.3, 12.10 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage. Scope is changed.

INFO

Published Date :

2026-04-14T17:33:47.834Z

Last Modified :

2026-04-14T17:55:44.469Z

Source :

adobe

AFFECTED PRODUCTS

The following products are affected by CVE-2026-27246 vulnerability.

Vendors	Products
Adobe	Adobe Connect

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-27246.

URL	Resource
https://helpx.adobe.com/security/products/connect/apsb26-37.html

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact