PatchSiren cyber security CVE debrief
CVE-2026-34691 Adobe CVE debrief
CVE-2026-34691 is a stored Cross-Site Scripting (XSS) vulnerability in Adobe Experience Manager Forms JEE. Versions LTS SP1, 6.5.24.0 and earlier are affected. An attacker could abuse this vulnerability to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field, potentially gaining elevated access or control over the victim's account or session.
- Vendor
- Adobe
- Product
- Adobe Experience Manager Forms JEE
- CVSS
- CRITICAL 9.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-09
- Original CVE updated
- 2026-06-11
- Advisory published
- 2026-06-09
- Advisory updated
- 2026-06-11
Who should care
Users of Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier should apply patches or mitigations to prevent exploitation.
Technical summary
The vulnerability has a CVSS score of 9.3 and is classified as CRITICAL. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N. The weakness is CWE-79.
Defensive priority
high
Recommended defensive actions
- Apply patches or updates provided by Adobe to vulnerable systems.
- Implement additional security measures such as input validation and output encoding.
- Monitor systems for suspicious activity.
Evidence notes
Evidence from NVD and Adobe.
Official resources
-
CVE-2026-34691 CVE record
CVE.org
-
CVE-2026-34691 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
CVE-2026-34691 was published on 2026-06-09T18:16:38.387Z and modified on 2026-06-11T17:29:49.867Z.