DOM-based Cross-Site Scripting Vulnerability in Adobe Connect
CVE-2026-27246
9.3CRITICAL
What is CVE-2026-27246?
Adobe Connect, including versions 2025.3, 12.10 and earlier, is prone to a DOM-based Cross-Site Scripting (XSS) vulnerability. This security flaw allows attackers to manipulate the Document Object Model (DOM) environment. By executing malicious JavaScript within the victim's browser, an attacker can compromise user sessions or perform unauthorized actions. Exploitation of this vulnerability necessitates user interaction, as the target must visit a specially crafted webpage. It is crucial for users of Adobe Connect to apply recommended patches and security updates to mitigate this risk.
Affected Version(s)
Adobe Connect 0 <= 12.10