PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-48303 Adobe CVE debrief

CVE-2026-48303 is a critical vulnerability in Adobe Campaign Classic (ACC). Versions 7.4.3 build 9394 and earlier are affected by an Incorrect Authorization issue, which could result in arbitrary code execution in the context of the current user. This vulnerability has a CVSS score of 10 and a severity rating of CRITICAL. Exploitation does not require user interaction, and the scope has been changed.

Vendor
Adobe
Product
Campaign
CVSS
CRITICAL 10
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-09
Original CVE updated
2026-06-12
Advisory published
2026-06-09
Advisory updated
2026-06-12

Who should care

Users of Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier should prioritize patching this vulnerability to prevent potential code execution.

Technical summary

The vulnerability, tracked as CVE-2026-48303, is caused by an Incorrect Authorization issue in Adobe Campaign Classic (ACC). This could allow for arbitrary code execution in the context of the current user. The Common Vulnerability Scoring System (CVSS) score for this vulnerability is 10, indicating the highest severity level. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H.

Defensive priority

High

Recommended defensive actions

  • Apply patches: Adobe has released patches for this vulnerability. Users should update to the latest version to mitigate the risk.
  • Refer to vendor advisory: For more information, refer to [ref-4](https://helpx.adobe.com/security/products/campaign/apsb26-66.html).

Evidence notes

The CVE-2026-48303 vulnerability was published on [cve-org](https://www.cve.org/CVERecord?id=CVE-2026-48303) and detailed information can be found on [nvd](https://nvd.nist.gov/vuln/detail/CVE-2026-48303).

Official resources

CVE-2026-48303 was published on 2026-06-09T21:17:25.510Z and modified on 2026-06-12T15:02:37.607Z.