SB2026041705 - Multiple vulnerabilities in Adobe Connect
Published: April 17, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 9 secuirty vulnerabilities.
1) Deserialization of Untrusted Data (CVE-ID: CVE-2026-27302)
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to deserialization of untrusted data in Adobe Connect when processing untrusted serialized data. A remote attacker can deliver specially crafted data to execute arbitrary code.
User interaction is required.
2) Deserialization of Untrusted Data (CVE-ID: CVE-2026-27303)
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to deserialization of untrusted data in Adobe Connect when processing untrusted serialized data. A remote attacker can deliver specially crafted data to execute arbitrary code.
User interaction is required.
3) Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CVE-ID: CVE-2026-27243)
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to reflected cross-site scripting in Adobe Connect when handling crafted web input. A remote attacker can send a specially crafted request to execute arbitrary code.
User interaction is required.
4) Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CVE-ID: CVE-2026-27245)
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to reflected cross-site scripting in Adobe Connect when handling crafted web input. A remote attacker can send a specially crafted request to execute arbitrary code.
User interaction is required.
5) Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CVE-ID: CVE-2026-27246)
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to cross-site scripting in Adobe Connect when processing DOM-based content. A remote attacker can send a specially crafted request to execute arbitrary code.
User interaction is required.
6) Deserialization of Untrusted Data (CVE-ID: CVE-2026-34615)
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to deserialization of untrusted data in Adobe Connect when processing untrusted serialized data. A remote attacker can deliver specially crafted data to execute arbitrary code.
User interaction is required.
7) Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CVE-ID: CVE-2026-34617)
The vulnerability allows a remote user to escalate privileges.
The vulnerability exists due to cross-site scripting in Adobe Connect when handling crafted web input. A remote user can send a specially crafted request to escalate privileges.
8) Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CVE-ID: CVE-2026-21331)
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to reflected cross-site scripting in Adobe Connect when handling crafted web input. A remote attacker can send a specially crafted request to execute arbitrary code.
User interaction is required.
9) Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CVE-ID: CVE-2026-34614)
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to reflected cross-site scripting in Adobe Connect when handling crafted web input. A remote attacker can send a specially crafted request to execute arbitrary code.
User interaction is required.
Remediation
Install update from vendor's website.