← All CVEs

CVE-2026-47910

MEDIUM 6.3

Published 2026-06-09 · Last modified 2026-06-09

Dreamweaver Desktop versions 21.7 and earlier are affected by an Incorrect Authorization vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed.

NO EXPLOITATION SIGNALS

No known exploitation, public exploit, or elevated probability at this time. Track for changes.

Exploitation likelihood

0.1%chance of exploitation in 30 days · 4th percentile

○ In CISA KEV ○ Public exploit / PoC

Impact if exploited

6.3CVSS 3.1 · MEDIUM

  • ConfidentialityHigh
  • IntegrityNone
  • AvailabilityNone

What an attacker needs

  • Access: Requires local access to the host
  • Privileges: No account or privileges required
  • User interaction: A user must take an action (click / open a file)
  • Complexity: No special conditions — reliably repeatable

✓ lowers the bar for an attacker · ⚠ raises it

Affected

Vendors Adobe

Products Dreamweaver Desktop

Weakness (CWE)

  • CWE-863: Incorrect authorization

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

Sources: NVD · CVE.org · EPSS