Adobe Connect: Malicious Code Can Run on User's Browser

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

9.3

Adobe Connect: Malicious Code Can Run on User's Browser

CVE-2026-27245

Summary

Adobe Connect versions 2025.3 and earlier have a security weakness that could allow a hacker to trick a user into visiting a malicious link, which could then run malicious code in the user's browser. This could potentially steal sensitive information or take control of the user's account. Update to a fixed version of Adobe Connect to protect against this risk.

Original title

Original description

Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Scope is changed.

nvd CVSS3.1 9.3

Vulnerability type

CWE-79 Cross-site Scripting (XSS)

https://helpx.adobe.com/security/products/connect/apsb26-37.html

Published: 14 Apr 2026 · Updated: 14 Apr 2026 · First seen: 14 Apr 2026