PatchSiren cyber security CVE debrief
CVE-2026-47909 Adobe CVE debrief
CVE-2026-47909 is an Improper Input Validation vulnerability in Adobe Dreamweaver Desktop versions 21.7 and earlier. This vulnerability could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed.
- Vendor
- Adobe
- Product
- Dreamweaver
- CVSS
- MEDIUM 6.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-09
- Original CVE updated
- 2026-06-11
- Advisory published
- 2026-06-09
- Advisory updated
- 2026-06-11
Who should care
Users of Adobe Dreamweaver Desktop versions 21.7 and earlier should apply the necessary updates to prevent exploitation of this vulnerability.
Technical summary
The vulnerability is caused by improper input validation in Adobe Dreamweaver Desktop versions 21.7 and earlier. This allows an attacker to perform an arbitrary file system read, potentially leading to the access of sensitive files and directories outside the intended scope.
Defensive priority
MEDIUM
Recommended defensive actions
- Apply updates to Adobe Dreamweaver Desktop to version 21.8 or later.
- Ensure users are aware of the risks and do not open malicious files.
Evidence notes
The vulnerability has a CVSS score of 6.3 and is classified as MEDIUM severity.
Official resources
-
CVE-2026-47909 CVE record
CVE.org
-
CVE-2026-47909 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
CVE-2026-47909 was published on 2026-06-09T20:17:00.050Z and modified on 2026-06-11T19:18:51.483Z.