Incorrect Authorization Vulnerability in Adobe Connect Software
CVE-2026-34660

9.3CRITICAL

Key Information:

Vendor: Adobe
Status: Adobe Connect
Vendor: CVE Published:; 12 May 2026

What is CVE-2026-34660?

Adobe Connect is susceptible to an Incorrect Authorization vulnerability present in versions up to 2025.9.15. This flaw could allow malicious users to exploit arbitrary code execution in the context of an authenticated session, potentially compromising user accounts. Attackers could embed harmful scripts within web pages, requiring victims to engage with a specially crafted URL or a manipulated webpage to activate the exploit. Such vulnerabilities are critical to address to safeguard user data and maintain the integrity of the application.

Affected Version(s)

Adobe Connect 0 <= 2025.8.157

References

https://helpx.adobe.com/security/products/connect/apsb26-...

vendor-advisory

CVSS V3.1

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 12, 2026
Vulnerability Reserved
Mar 30, 2026

CVE-2026-34660 Data

JSON