PatchSiren cyber security CVE debrief
CVE-2026-34694 Adobe CVE debrief
CVE-2026-34694 is a stored Cross-Site Scripting (XSS) vulnerability affecting Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier. A high-privileged attacker could abuse this vulnerability to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field.
- Vendor
- Adobe
- Product
- Adobe Experience Manager Forms JEE
- CVSS
- MEDIUM 5.9
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-09
- Original CVE updated
- 2026-06-11
- Advisory published
- 2026-06-09
- Advisory updated
- 2026-06-11
Who should care
Users of Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier should apply patches or mitigations to prevent exploitation.
Technical summary
The vulnerability has a CVSS score of 5.9 and a CVSS severity of MEDIUM. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L. The weakness is classified as CWE-79.
Defensive priority
MEDIUM
Recommended defensive actions
- Apply patches or mitigations provided by Adobe.
- Restrict access to vulnerable form fields to high-privileged users only.
- Implement input validation and output encoding to prevent XSS attacks.
Evidence notes
The vulnerability was published on 2026-06-09T18:16:40.023Z and modified on 2026-06-11T17:17:40.090Z.
Official resources
-
CVE-2026-34694 CVE record
CVE.org
-
CVE-2026-34694 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
CVE-2026-34694 was published on 2026-06-09T18:16:40.023Z and modified on 2026-06-11T17:17:40.090Z.