PatchSiren cyber security CVE debrief
CVE-2026-48289 Adobe CVE debrief
CVE-2026-48289 is an Improper Input Validation vulnerability in Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier. A low-privileged user could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page.
- Vendor
- Adobe
- Product
- Adobe Experience Manager
- CVSS
- LOW 3.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-09
- Original CVE updated
- 2026-06-10
- Advisory published
- 2026-06-09
- Advisory updated
- 2026-06-10
Who should care
Users of Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier.
Technical summary
The vulnerability is caused by improper input validation in Adobe Experience Manager. This could allow a low-privileged attacker to bypass security measures and gain unauthorized write access.
Defensive priority
Low
Recommended defensive actions
- Apply the patches mentioned in the vendor advisory (see resourceLinkAnnotations with linkId 'ref-4').
Evidence notes
The vulnerability has a CVSS score of 3.5 and is considered Low severity.
Official resources
-
CVE-2026-48289 CVE record
CVE.org
-
CVE-2026-48289 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
CVE-2026-48289 was published on 2026-06-09T17:17:43.860Z and modified on 2026-06-10T14:47:58.927Z.