Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-21272 (GCVE-0-2026-21272)
Vulnerability from cvelistv5 – Published: 2026-01-13 18:25 – Updated: 2026-02-26 15:04
VLAI
EPSS
Title
Dreamweaver Desktop | Improper Input Validation (CWE-20)
Summary
Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system write. An attacker could leverage this vulnerability to manipulate or inject malicious data into files on the system. Exploitation of this issue requires user interaction in that a victim must open a malicious file and scope is changed.
Severity
8.6 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - Improper Input Validation (CWE-20)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://helpx.adobe.com/security/products/dreamwe… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Adobe | Dreamweaver Desktop |
Affected:
0 , ≤ 21.6
(semver)
|
Date Public
2026-01-13 17:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21272",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-14T04:57:42.480164Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T15:04:17.424Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Dreamweaver Desktop",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "21.6",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2026-01-13T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system write. An attacker could leverage this vulnerability to manipulate or inject malicious data into files on the system. Exploitation of this issue requires user interaction in that a victim must open a malicious file and scope is changed."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 8.6,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "HIGH",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "HIGH",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "HIGH",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "CHANGED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "CHANGED",
"temporalScore": 8.6,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "Improper Input Validation (CWE-20)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-13T18:25:34.935Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/dreamweaver/apsb26-01.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Dreamweaver Desktop | Improper Input Validation (CWE-20)"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2026-21272",
"datePublished": "2026-01-13T18:25:34.935Z",
"dateReserved": "2025-12-12T22:01:18.187Z",
"dateUpdated": "2026-02-26T15:04:17.424Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-21272",
"date": "2026-06-21",
"epss": "0.00195",
"percentile": "0.09231"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-21272\",\"sourceIdentifier\":\"psirt@adobe.com\",\"published\":\"2026-01-13T19:16:24.703\",\"lastModified\":\"2026-01-14T20:49:33.830\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system write. An attacker could leverage this vulnerability to manipulate or inject malicious data into files on the system. Exploitation of this issue requires user interaction in that a victim must open a malicious file and scope is changed.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@adobe.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\",\"baseScore\":8.6,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":6.0}]},\"weaknesses\":[{\"source\":\"psirt@adobe.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:dreamweaver:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"21.7\",\"matchCriteriaId\":\"18B387B5-7F08-419A-B3EC-3CB93C7E9288\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"387021A0-AF36-463C-A605-32EA7DAC172E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]}],\"references\":[{\"url\":\"https://helpx.adobe.com/security/products/dreamweaver/apsb26-01.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-21272\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-01-14T04:57:42.480164Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-01-13T18:47:09.705Z\"}}], \"cna\": {\"title\": \"Dreamweaver Desktop | Improper Input Validation (CWE-20)\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 8.6, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\", \"modifiedScope\": \"CHANGED\", \"temporalScore\": 8.6, \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"remediationLevel\": \"NOT_DEFINED\", \"reportConfidence\": \"NOT_DEFINED\", \"temporalSeverity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"environmentalScore\": 8.6, \"privilegesRequired\": \"NONE\", \"exploitCodeMaturity\": \"NOT_DEFINED\", \"integrityRequirement\": \"NOT_DEFINED\", \"modifiedAttackVector\": \"LOCAL\", \"confidentialityImpact\": \"HIGH\", \"environmentalSeverity\": \"HIGH\", \"availabilityRequirement\": \"NOT_DEFINED\", \"modifiedIntegrityImpact\": \"HIGH\", \"modifiedUserInteraction\": \"REQUIRED\", \"modifiedAttackComplexity\": \"LOW\", \"confidentialityRequirement\": \"NOT_DEFINED\", \"modifiedAvailabilityImpact\": \"HIGH\", \"modifiedPrivilegesRequired\": \"NONE\", \"modifiedConfidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Adobe\", \"product\": \"Dreamweaver Desktop\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"21.6\"}], \"defaultStatus\": \"affected\"}], \"datePublic\": \"2026-01-13T17:00:00.000Z\", \"references\": [{\"url\": \"https://helpx.adobe.com/security/products/dreamweaver/apsb26-01.html\", \"tags\": [\"vendor-advisory\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system write. An attacker could leverage this vulnerability to manipulate or inject malicious data into files on the system. Exploitation of this issue requires user interaction in that a victim must open a malicious file and scope is changed.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-20\", \"description\": \"Improper Input Validation (CWE-20)\"}]}], \"providerMetadata\": {\"orgId\": \"078d4453-3bcd-4900-85e6-15281da43538\", \"shortName\": \"adobe\", \"dateUpdated\": \"2026-01-13T18:25:34.935Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-21272\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-02-26T15:04:17.424Z\", \"dateReserved\": \"2025-12-12T22:01:18.187Z\", \"assignerOrgId\": \"078d4453-3bcd-4900-85e6-15281da43538\", \"datePublished\": \"2026-01-13T18:25:34.935Z\", \"assignerShortName\": \"adobe\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Title
Adobe Dreamweaver Desktop输入验证错误漏洞
Description
Adobe Dreamweaver Desktop是美国奥多比(Adobe)公司的一款网页设计与开发软件。
Adobe Dreamweaver Desktop存在输入验证错误漏洞,攻击者可利用该漏洞在系统上写入任意文件。
Severity
高
Patch Name
Adobe Dreamweaver Desktop输入验证错误漏洞的补丁
Patch Description
Adobe Dreamweaver Desktop是美国奥多比(Adobe)公司的一款网页设计与开发软件。
Adobe Dreamweaver Desktop存在输入验证错误漏洞,攻击者可利用该漏洞在系统上写入任意文件。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布了漏洞修复程序,请及时关注更新: https://helpx.adobe.com/security/products/dreamweaver/apsb26-01.html
Reference
https://helpx.adobe.com/security/products/dreamweaver/apsb26-01.html
Impacted products
| Name | Adobe Dreamweaver Desktop <=21.6 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2026-21272",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2026-21272"
}
},
"description": "Adobe Dreamweaver Desktop\u662f\u7f8e\u56fd\u5965\u591a\u6bd4\uff08Adobe\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u7f51\u9875\u8bbe\u8ba1\u4e0e\u5f00\u53d1\u8f6f\u4ef6\u3002\n\nAdobe Dreamweaver Desktop\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u7cfb\u7edf\u4e0a\u5199\u5165\u4efb\u610f\u6587\u4ef6\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://helpx.adobe.com/security/products/dreamweaver/apsb26-01.html",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2026-07187",
"openTime": "2026-01-26",
"patchDescription": "Adobe Dreamweaver Desktop\u662f\u7f8e\u56fd\u5965\u591a\u6bd4\uff08Adobe\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u7f51\u9875\u8bbe\u8ba1\u4e0e\u5f00\u53d1\u8f6f\u4ef6\u3002\r\n\r\nAdobe Dreamweaver Desktop\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u7cfb\u7edf\u4e0a\u5199\u5165\u4efb\u610f\u6587\u4ef6\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Adobe Dreamweaver Desktop\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "Adobe Dreamweaver Desktop \u003c=21.6"
},
"referenceLink": "https://helpx.adobe.com/security/products/dreamweaver/apsb26-01.html",
"serverity": "\u9ad8",
"submitTime": "2026-01-19",
"title": "Adobe Dreamweaver Desktop\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e"
}
FKIE_CVE-2026-21272
Vulnerability from fkie_nvd - Published: 2026-01-13 19:16 - Updated: 2026-06-17 10:18
Severity
Summary
Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system write. An attacker could leverage this vulnerability to manipulate or inject malicious data into files on the system. Exploitation of this issue requires user interaction in that a victim must open a malicious file and scope is changed.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@adobe.com | https://helpx.adobe.com/security/products/dreamweaver/apsb26-01.html | Vendor Advisory |
{
"affected": [
{
"affectedData": [
{
"defaultStatus": "affected",
"product": "Dreamweaver Desktop",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "21.6",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"source": "psirt@adobe.com"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adobe:dreamweaver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "18B387B5-7F08-419A-B3EC-3CB93C7E9288",
"versionEndExcluding": "21.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system write. An attacker could leverage this vulnerability to manipulate or inject malicious data into files on the system. Exploitation of this issue requires user interaction in that a victim must open a malicious file and scope is changed."
},
{
"lang": "es",
"value": "Las versiones 21.6 y anteriores de Dreamweaver Desktop est\u00e1n afectadas por una vulnerabilidad de validaci\u00f3n de entrada incorrecta que podr\u00eda conducir a una escritura arbitraria en el sistema de archivos. Un atacante podr\u00eda aprovechar esta vulnerabilidad para manipular o inyectar datos maliciosos en archivos del sistema. La explotaci\u00f3n de este problema requiere interacci\u00f3n del usuario en el sentido de que la v\u00edctima debe abrir un archivo malicioso y el alcance se modifica."
}
],
"id": "CVE-2026-21272",
"lastModified": "2026-06-17T10:18:23.997",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 6.0,
"source": "psirt@adobe.com",
"type": "Secondary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2026-21272",
"options": [
{
"exploitation": "none"
},
{
"automatable": "no"
},
{
"technicalImpact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-14T04:57:42.480164Z",
"version": "2.0.3"
}
}
]
},
"published": "2026-01-13T19:16:24.703",
"references": [
{
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
],
"url": "https://helpx.adobe.com/security/products/dreamweaver/apsb26-01.html"
}
],
"sourceIdentifier": "psirt@adobe.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "psirt@adobe.com",
"type": "Secondary"
}
]
}
GHSA-8W2G-VQ5J-7X37
Vulnerability from github – Published: 2026-01-13 21:31 – Updated: 2026-01-13 21:31
VLAI
Details
Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system write. An attacker could leverage this vulnerability to manipulate or inject malicious data into files on the system. Exploitation of this issue requires user interaction in that a victim must open a malicious file and scope is changed.
Severity
8.6 (High)
{
"affected": [],
"aliases": [
"CVE-2026-21272"
],
"database_specific": {
"cwe_ids": [
"CWE-20"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-13T19:16:24Z",
"severity": "HIGH"
},
"details": "Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system write. An attacker could leverage this vulnerability to manipulate or inject malicious data into files on the system. Exploitation of this issue requires user interaction in that a victim must open a malicious file and scope is changed.",
"id": "GHSA-8w2g-vq5j-7x37",
"modified": "2026-01-13T21:31:44Z",
"published": "2026-01-13T21:31:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21272"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/dreamweaver/apsb26-01.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
NCSC-2026-0012
Vulnerability from csaf_ncscnl - Published: 2026-01-14 13:41 - Updated: 2026-01-14 13:41Summary
Kwetsbaarheden verholpen in Adobe Dreamweaver Desktop
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: Adobe heeft kwetsbaarheden verholpen in Dreamweaver Desktop (Versies 21.6 en eerder).
Interpretaties: De kwetsbaarheden bevinden zich in de wijze waarop Dreamweaver Desktop invoer valideert. Dit kan leiden tot ongeautoriseerde bestandsmanipulatie en het uitvoeren van willekeurige code. De exploitatie van deze kwetsbaarheden vereist gebruikersinteractie, zoals het openen van een kwaadaardig bestand.
Oplossingen: Adobe heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans: medium
Schade: high
CWE-20: Improper Input Validation
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Dreamweaver Desktop versions 21.6 and earlier contain an Improper Input Validation vulnerability that allows for arbitrary file writing, necessitating user interaction to exploit via a malicious file.
8.6 (High)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Adobe / Dreamweaver
|
vers:unknown/* | ||
|
vers:unknown/*
Adobe / Dreamweaver Desktop
|
vers:unknown/* | ||
|
vers:unknown/*
Adobe / dreamweaver_desktop
|
vers:unknown/* |
Dreamweaver Desktop versions 21.6 and earlier contain an Improper Input Validation vulnerability that may allow arbitrary code execution with user interaction required for exploitation.
8.6 (High)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Adobe / Dreamweaver
|
vers:unknown/* | ||
|
vers:unknown/*
Adobe / Dreamweaver Desktop
|
vers:unknown/* | ||
|
vers:unknown/*
Adobe / dreamweaver_desktop
|
vers:unknown/* |
Dreamweaver Desktop versions 21.6 and earlier contain an Improper Input Validation vulnerability that may allow arbitrary code execution with user interaction required for exploitation.
8.6 (High)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Adobe / Dreamweaver
|
vers:unknown/* | ||
|
vers:unknown/*
Adobe / Dreamweaver Desktop
|
vers:unknown/* | ||
|
vers:unknown/*
Adobe / dreamweaver_desktop
|
vers:unknown/* |
Dreamweaver Desktop versions 21.6 and earlier are vulnerable to OS command injection, which could allow arbitrary code execution through malicious files.
8.6 (High)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Adobe / Dreamweaver
|
vers:unknown/* | ||
|
vers:unknown/*
Adobe / Dreamweaver Desktop
|
vers:unknown/* | ||
|
vers:unknown/*
Adobe / dreamweaver_desktop
|
vers:unknown/* |
Dreamweaver Desktop versions 21.6 and earlier contain an Incorrect Authorization vulnerability that can lead to arbitrary code execution when a user opens a malicious file.
7.8 (High)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Adobe / Dreamweaver
|
vers:unknown/* | ||
|
vers:unknown/*
Adobe / Dreamweaver Desktop
|
vers:unknown/* | ||
|
vers:unknown/*
Adobe / dreamweaver_desktop
|
vers:unknown/* |
References
6 references
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Adobe heeft kwetsbaarheden verholpen in Dreamweaver Desktop (Versies 21.6 en eerder).",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden bevinden zich in de wijze waarop Dreamweaver Desktop invoer valideert. Dit kan leiden tot ongeautoriseerde bestandsmanipulatie en het uitvoeren van willekeurige code. De exploitatie van deze kwetsbaarheden vereist gebruikersinteractie, zoals het openen van een kwaadaardig bestand. ",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Adobe heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"title": "CWE-78"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://helpx.adobe.com/security/products/dreamweaver/apsb26-01.html"
}
],
"title": "Kwetsbaarheden verholpen in Adobe Dreamweaver Desktop",
"tracking": {
"current_release_date": "2026-01-14T13:41:56.261778Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2026-0012",
"initial_release_date": "2026-01-14T13:41:56.261778Z",
"revision_history": [
{
"date": "2026-01-14T13:41:56.261778Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "Dreamweaver"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "Dreamweaver Desktop"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-3"
}
}
],
"category": "product_name",
"name": "dreamweaver_desktop"
}
],
"category": "vendor",
"name": "Adobe"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-21272",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "description",
"text": "Dreamweaver Desktop versions 21.6 and earlier contain an Improper Input Validation vulnerability that allows for arbitrary file writing, necessitating user interaction to exploit via a malicious file.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21272 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21272.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-21272"
},
{
"cve": "CVE-2026-21271",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "description",
"text": "Dreamweaver Desktop versions 21.6 and earlier contain an Improper Input Validation vulnerability that may allow arbitrary code execution with user interaction required for exploitation.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21271 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21271.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-21271"
},
{
"cve": "CVE-2026-21268",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "description",
"text": "Dreamweaver Desktop versions 21.6 and earlier contain an Improper Input Validation vulnerability that may allow arbitrary code execution with user interaction required for exploitation.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21268 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21268.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-21268"
},
{
"cve": "CVE-2026-21267",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"title": "CWE-78"
},
{
"category": "description",
"text": "Dreamweaver Desktop versions 21.6 and earlier are vulnerable to OS command injection, which could allow arbitrary code execution through malicious files.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21267 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21267.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-21267"
},
{
"cve": "CVE-2026-21274",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"notes": [
{
"category": "other",
"text": "Incorrect Authorization",
"title": "CWE-863"
},
{
"category": "description",
"text": "Dreamweaver Desktop versions 21.6 and earlier contain an Incorrect Authorization vulnerability that can lead to arbitrary code execution when a user opens a malicious file.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21274 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21274.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-21274"
}
]
}
NCSC-2026-0193
Vulnerability from csaf_ncscnl - Published: 2026-06-11 08:21 - Updated: 2026-06-11 08:21Summary
Kwetsbaarheden verholpen in Adobe Dreamweaver Desktop
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: Adobe heeft meerdere kwetsbaarheden verholpen in Adobe Dreamweaver Desktop versies 21.7 en eerder.
Interpretaties: De kwetsbaarheden kunnen worden misbruikt door een gebruiker een speciaal vervaardigd kwaadaardig bestand te laten openen binnen de applicatie. De kwetsbaarheden omvatten onder andere het uitvoeren van arbitrary code door het openen van kwaadaardige bestanden, het lezen van willekeurige bestanden op het systeem door onvoldoende toegangscontrole en onjuiste autorisatie, het schrijven van bestanden door onjuiste inputvalidatie, en het gebruik van onjuist geïnitialiseerde pointers wat kan leiden tot geheugenbeschadiging. Exploitatie vereist interactie van de gebruiker met een kwaadaardig bestand en kan leiden tot het uitlekken van gevoelige data, het uitvoeren van code onder de context van de gebruiker, en het manipuleren van bestanden op het systeem.
Oplossingen: Adobe heeft updates uitgebracht om de kwetsbaarheden in Adobe Dreamweaver Desktop te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans: medium
Schade: high
CWE-20: Improper Input Validation
CWE-284: Improper Access Control
CWE-824: Access of Uninitialized Pointer
CWE-863: Incorrect Authorization
CWE-1395: Dependency on Vulnerable Third-Party Component
Dreamweaver Desktop versions 21.7 and earlier contain a vulnerability in a third-party component that may enable arbitrary code execution when a user opens a malicious file.
8.6 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Adobe / Dreamweaver
|
vers:unknown/* | ||
|
vers:unknown/*
Adobe / Dreamweaver Desktop
|
vers:unknown/* |
Dreamweaver Desktop versions 21.7 and earlier contain an Improper Access Control vulnerability that permits attackers to read arbitrary files when a user opens a malicious file, risking exposure of sensitive data beyond intended access controls.
8.6 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Adobe / Dreamweaver
|
vers:unknown/* | ||
|
vers:unknown/*
Adobe / Dreamweaver Desktop
|
vers:unknown/* |
Dreamweaver Desktop versions 21.7 and earlier contain an Access of Uninitialized Pointer vulnerability that may enable arbitrary code execution when a user opens a malicious file.
7.8 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Adobe / Dreamweaver
|
vers:unknown/* | ||
|
vers:unknown/*
Adobe / Dreamweaver Desktop
|
vers:unknown/* |
Dreamweaver Desktop versions 21.7 and earlier contain an Improper Input Validation vulnerability that enables attackers to read arbitrary system files when a user opens a malicious file, risking exposure of sensitive data beyond intended access controls.
6.3 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Adobe / Dreamweaver
|
vers:unknown/* | ||
|
vers:unknown/*
Adobe / Dreamweaver Desktop
|
vers:unknown/* |
Adobe Dreamweaver Desktop versions 21.6 and earlier contain an Improper Input Validation vulnerability that enables attackers to write arbitrary files to the system when a user opens a malicious file.
8.6 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Adobe / Dreamweaver
|
vers:unknown/* | ||
|
vers:unknown/*
Adobe / Dreamweaver Desktop
|
vers:unknown/* |
Dreamweaver Desktop versions 21.7 and earlier contain an Incorrect Authorization vulnerability enabling attackers, via user interaction with malicious files, to access arbitrary files beyond intended permissions.
6.3 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Adobe / Dreamweaver
|
vers:unknown/* | ||
|
vers:unknown/*
Adobe / Dreamweaver Desktop
|
vers:unknown/* |
References
7 references
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Adobe heeft meerdere kwetsbaarheden verholpen in Adobe Dreamweaver Desktop versies 21.7 en eerder.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden kunnen worden misbruikt door een gebruiker een speciaal vervaardigd kwaadaardig bestand te laten openen binnen de applicatie. De kwetsbaarheden omvatten onder andere het uitvoeren van arbitrary code door het openen van kwaadaardige bestanden, het lezen van willekeurige bestanden op het systeem door onvoldoende toegangscontrole en onjuiste autorisatie, het schrijven van bestanden door onjuiste inputvalidatie, en het gebruik van onjuist ge\u00efnitialiseerde pointers wat kan leiden tot geheugenbeschadiging. Exploitatie vereist interactie van de gebruiker met een kwaadaardig bestand en kan leiden tot het uitlekken van gevoelige data, het uitvoeren van code onder de context van de gebruiker, en het manipuleren van bestanden op het systeem.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Adobe heeft updates uitgebracht om de kwetsbaarheden in Adobe Dreamweaver Desktop te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "general",
"text": "Access of Uninitialized Pointer",
"title": "CWE-824"
},
{
"category": "general",
"text": "Incorrect Authorization",
"title": "CWE-863"
},
{
"category": "general",
"text": "Dependency on Vulnerable Third-Party Component",
"title": "CWE-1395"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://helpx.adobe.com//security/products/dreamweaver/apsb26-62.html"
}
],
"title": "Kwetsbaarheden verholpen in Adobe Dreamweaver Desktop",
"tracking": {
"current_release_date": "2026-06-11T08:21:12.406643Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2026-0193",
"initial_release_date": "2026-06-11T08:21:12.406643Z",
"revision_history": [
{
"date": "2026-06-11T08:21:12.406643Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "Dreamweaver"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "Dreamweaver Desktop"
}
],
"category": "vendor",
"name": "Adobe"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-47906",
"cwe": {
"id": "CWE-1395",
"name": "Dependency on Vulnerable Third-Party Component"
},
"notes": [
{
"category": "other",
"text": "Dependency on Vulnerable Third-Party Component",
"title": "CWE-1395"
},
{
"category": "description",
"text": "Dreamweaver Desktop versions 21.7 and earlier contain a vulnerability in a third-party component that may enable arbitrary code execution when a user opens a malicious file.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-47906 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-47906.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-47906"
},
{
"cve": "CVE-2026-47907",
"notes": [
{
"category": "description",
"text": "Dreamweaver Desktop versions 21.7 and earlier contain an Improper Access Control vulnerability that permits attackers to read arbitrary files when a user opens a malicious file, risking exposure of sensitive data beyond intended access controls.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-47907 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-47907.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-47907"
},
{
"cve": "CVE-2026-47908",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"notes": [
{
"category": "other",
"text": "Incorrect Authorization",
"title": "CWE-863"
},
{
"category": "other",
"text": "Access of Uninitialized Pointer",
"title": "CWE-824"
},
{
"category": "description",
"text": "Dreamweaver Desktop versions 21.7 and earlier contain an Access of Uninitialized Pointer vulnerability that may enable arbitrary code execution when a user opens a malicious file.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-47908 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-47908.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-47908"
},
{
"cve": "CVE-2026-47909",
"notes": [
{
"category": "description",
"text": "Dreamweaver Desktop versions 21.7 and earlier contain an Improper Input Validation vulnerability that enables attackers to read arbitrary system files when a user opens a malicious file, risking exposure of sensitive data beyond intended access controls.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-47909 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-47909.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-47909"
},
{
"cve": "CVE-2026-21272",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"notes": [
{
"category": "other",
"text": "Incorrect Authorization",
"title": "CWE-863"
},
{
"category": "description",
"text": "Adobe Dreamweaver Desktop versions 21.6 and earlier contain an Improper Input Validation vulnerability that enables attackers to write arbitrary files to the system when a user opens a malicious file.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21272 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21272.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-21272"
},
{
"cve": "CVE-2026-47910",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"notes": [
{
"category": "other",
"text": "Incorrect Authorization",
"title": "CWE-863"
},
{
"category": "description",
"text": "Dreamweaver Desktop versions 21.7 and earlier contain an Incorrect Authorization vulnerability enabling attackers, via user interaction with malicious files, to access arbitrary files beyond intended permissions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-47910 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-47910.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-47910"
}
]
}
WID-SEC-W-2026-0107
Vulnerability from csaf_certbund - Published: 2026-01-13 23:00 - Updated: 2026-01-13 23:00Summary
Adobe Dreamweaver: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Dreamweaver ist ein HTML-Editor der Firma Adobe Systems.
Angriff: Ein lokaler Angreifer kann mehrere Schwachstellen in Adobe Dreamweaver ausnutzen, um beliebigen Programmcode auszuführen und beliebige Dateisystemschreibvorgänge durchzuführen.
Betroffene Betriebssysteme: - Sonstiges
- UNIX
- Windows
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Adobe Dreamweaver <21.7
Adobe / Dreamweaver
|
<21.7 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Adobe Dreamweaver <21.7
Adobe / Dreamweaver
|
<21.7 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Adobe Dreamweaver <21.7
Adobe / Dreamweaver
|
<21.7 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Adobe Dreamweaver <21.7
Adobe / Dreamweaver
|
<21.7 |
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Adobe Dreamweaver <21.7
Adobe / Dreamweaver
|
<21.7 |
References
3 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Dreamweaver ist ein HTML-Editor der Firma Adobe Systems.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein lokaler Angreifer kann mehrere Schwachstellen in Adobe Dreamweaver ausnutzen, um beliebigen Programmcode auszuf\u00fchren und beliebige Dateisystemschreibvorg\u00e4nge durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-0107 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0107.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-0107 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0107"
},
{
"category": "external",
"summary": "Adobe Security Bulletin vom 2026-01-13",
"url": "https://helpx.adobe.com/security/products/dreamweaver/apsb26-01.html"
}
],
"source_lang": "en-US",
"title": "Adobe Dreamweaver: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-01-13T23:00:00.000+00:00",
"generator": {
"date": "2026-01-14T09:40:54.290+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2026-0107",
"initial_release_date": "2026-01-13T23:00:00.000+00:00",
"revision_history": [
{
"date": "2026-01-13T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c21.7",
"product": {
"name": "Adobe Dreamweaver \u003c21.7",
"product_id": "T049950"
}
},
{
"category": "product_version",
"name": "21.7",
"product": {
"name": "Adobe Dreamweaver 21.7",
"product_id": "T049950-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:adobe:dreamweaver:21.7"
}
}
}
],
"category": "product_name",
"name": "Dreamweaver"
}
],
"category": "vendor",
"name": "Adobe"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-21267",
"product_status": {
"known_affected": [
"T049950"
]
},
"release_date": "2026-01-13T23:00:00.000+00:00",
"title": "CVE-2026-21267"
},
{
"cve": "CVE-2026-21268",
"product_status": {
"known_affected": [
"T049950"
]
},
"release_date": "2026-01-13T23:00:00.000+00:00",
"title": "CVE-2026-21268"
},
{
"cve": "CVE-2026-21271",
"product_status": {
"known_affected": [
"T049950"
]
},
"release_date": "2026-01-13T23:00:00.000+00:00",
"title": "CVE-2026-21271"
},
{
"cve": "CVE-2026-21272",
"product_status": {
"known_affected": [
"T049950"
]
},
"release_date": "2026-01-13T23:00:00.000+00:00",
"title": "CVE-2026-21272"
},
{
"cve": "CVE-2026-21274",
"product_status": {
"known_affected": [
"T049950"
]
},
"release_date": "2026-01-13T23:00:00.000+00:00",
"title": "CVE-2026-21274"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…