PatchSiren cyber security CVE debrief
CVE-2026-34693 Adobe CVE debrief
CVE-2026-34693 is a reflected Cross-Site Scripting (XSS) vulnerability affecting Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim's account or session. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page.
- Vendor
- Adobe
- Product
- Adobe Experience Manager Forms JEE
- CVSS
- HIGH 8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-09
- Original CVE updated
- 2026-06-11
- Advisory published
- 2026-06-09
- Advisory updated
- 2026-06-11
Who should care
Users of Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier should apply patches or mitigations to prevent exploitation of this vulnerability.
Technical summary
The vulnerability has a CVSS score of 8 and is classified as HIGH severity. The CVSS vector is CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N. The weakness is classified as CWE-79.
Defensive priority
HIGH
Recommended defensive actions
- Apply patches or mitigations provided by Adobe to prevent exploitation of this vulnerability. See [ref-4](https://helpx.adobe.com/security/products/aem-forms/apsb26-57.html) for more information.
Evidence notes
Evidence for this CVE comes from the official CVE record [cve-org](https://www.cve.org/CVERecord?id=CVE-2026-34693) and the National Vulnerability Database [nvd](https://nvd.nist.gov/vuln/detail/CVE-2026-34693).
Official resources
-
CVE-2026-34693 CVE record
CVE.org
-
CVE-2026-34693 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
CVE-2026-34693 was published on 2026-06-09T18:16:39.750Z and modified on 2026-06-11T17:22:50.350Z.