← Back
2026-05-12 18:35CVE-2026-34659adobe
PUBLISHED5.2CWE-502

Adobe Connect | Deserialization of Untrusted Data (CWE-502)

Adobe Connect versions 2025.9.15, 2025.8.157 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to execute arbitrary code. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. Scope is changed.

Problem type

Affected products

Adobe

Adobe Connect

<= 2025.8.157 - AFFECTED

References

helpx.adobe.com

https://helpx.adobe.com/security/products/connect/apsb26-50.html

vendor-advisory

GitHub Security Advisories

GHSA-6cgj-r9r8-5xrr

Adobe Connect versions 2025.9.15, 2025.8.157 and earlier are affected by a Deserialization of...

https://github.com/advisories/GHSA-6cgj-r9r8-5xrr

Adobe Connect versions 2025.9.15, 2025.8.157 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to execute arbitrary code. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. Scope is changed.

nvd.nist.gov

https://nvd.nist.gov/vuln/detail/CVE-2026-34659

helpx.adobe.com

https://helpx.adobe.com/security/products/connect/apsb26-50.html

github.com

https://github.com/advisories/GHSA-6cgj-r9r8-5xrr

JSON source

https://cveawg.mitre.org/api/cve/CVE-2026-34659
Click to expand
{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2026-34659",
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "dateUpdated": "2026-05-13T03:58:20.023Z",
    "dateReserved": "2026-03-30T17:30:36.493Z",
    "datePublished": "2026-05-12T18:35:20.208Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe",
        "dateUpdated": "2026-05-12T18:35:20.208Z"
      },
      "datePublic": "2026-05-12T17:00:00.000Z",
      "title": "Adobe Connect | Deserialization of Untrusted Data (CWE-502)",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Connect versions 2025.9.15, 2025.8.157 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to execute arbitrary code. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. Scope is changed."
        }
      ],
      "affected": [
        {
          "vendor": "Adobe",
          "product": "Adobe Connect",
          "defaultStatus": "affected",
          "versions": [
            {
              "version": "0",
              "status": "affected",
              "versionType": "semver",
              "lessThanOrEqual": "2025.8.157"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Deserialization of Untrusted Data (CWE-502)",
              "cweId": "CWE-502",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://helpx.adobe.com/security/products/connect/apsb26-50.html",
          "tags": [
            "vendor-advisory"
          ]
        }
      ],
      "metrics": [
        {
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ],
          "cvssV3_1": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "REQUIRED",
            "scope": "CHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "availabilityImpact": "HIGH",
            "baseScore": 9.6,
            "baseSeverity": "CRITICAL",
            "exploitCodeMaturity": "NOT_DEFINED",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "temporalScore": 9.6,
            "temporalSeverity": "CRITICAL",
            "confidentialityRequirement": "NOT_DEFINED",
            "integrityRequirement": "NOT_DEFINED",
            "availabilityRequirement": "NOT_DEFINED",
            "modifiedAttackVector": "NETWORK",
            "modifiedAttackComplexity": "LOW",
            "modifiedPrivilegesRequired": "NONE",
            "modifiedUserInteraction": "REQUIRED",
            "modifiedScope": "CHANGED",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "HIGH",
            "modifiedAvailabilityImpact": "HIGH",
            "environmentalScore": 9.7,
            "environmentalSeverity": "CRITICAL"
          }
        }
      ]
    },
    "adp": [
      {
        "providerMetadata": {
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP",
          "dateUpdated": "2026-05-13T03:58:20.023Z"
        },
        "title": "CISA ADP Vulnrichment",
        "metrics": [
          {}
        ]
      }
    ]
  }
}