Adobe Experience Manager | Improper Input Validation (CWE-20)
CVE-2026-48289

3.5LOW

Key Information:

Vendor: Adobe
Status: Adobe Experience Manager
Vendor: CVE Published:; 9 June 2026

What is CVE-2026-48289?

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page.

Affected Version(s)

Adobe Experience Manager 0 <= 2026.04

References

https://helpx.adobe.com/security/products/experience-mana...

vendor-advisory

CVSS V3.1

Score:

3.5

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 9, 2026
Vulnerability Reserved
May 21, 2026

CVE-2026-48289 Data

JSON