PatchSiren cyber security CVE debrief
CVE-2026-47938 Adobe CVE debrief
A critical vulnerability was discovered in Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier. This Server-Side Request Forgery (SSRF) vulnerability, tracked as CVE-2026-47938, could result in privilege escalation. The vulnerability has a CVSS score of 10 and a severity rating of CRITICAL. Exploitation of this issue does not require user interaction.
- Vendor
- Adobe
- Product
- Adobe Campaign Classic (ACC)
- CVSS
- CRITICAL 10
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-09
- Original CVE updated
- 2026-06-10
- Advisory published
- 2026-06-09
- Advisory updated
- 2026-06-10
Who should care
Administrators and users of Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier should be aware of this vulnerability and take necessary actions to mitigate the risk.
Technical summary
The vulnerability is caused by a Server-Side Request Forgery (SSRF) issue in Adobe Campaign Classic (ACC). This could allow an attacker to make unauthorized requests on behalf of the server, potentially leading to privilege escalation.
Defensive priority
High
Recommended defensive actions
- Apply the necessary patches or updates provided by Adobe to fix the vulnerability.
- Review and restrict server-side request forgery configurations to minimize the attack surface.
- Monitor systems for suspicious activity that could be related to exploitation attempts.
Evidence notes
The CVE-2026-47938 vulnerability was published on 2026-06-09T21:17:23.580Z and modified on 2026-06-10T18:35:49.083Z. The vulnerability affects Adobe Campaign Classic versions 7.4.3 build 9394 and earlier.
Official resources
-
CVE-2026-47938 CVE record
CVE.org
-
CVE-2026-47938 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
CVE-2026-47938 was published on 2026-06-09T21:17:23.580Z and modified on 2026-06-10T18:35:49.083Z.