OS Command Injection Vulnerability in Adobe Animate
CVE-2026-48345

8.2HIGH

Key Information:

Vendor

Adobe

Vendor
CVE Published:
14 July 2026

What is CVE-2026-48345?

Adobe Animate is susceptible to an OS Command Injection vulnerability, which involves improper neutralization of special elements used in OS commands. This flaw could enable an attacker to execute arbitrary code in the context of the affected user, but requires user interaction, such as opening a malicious file. It is imperative for users of Adobe Animate to apply the latest security updates to mitigate this risk.

Affected Version(s)

Adobe Animate 2023 0 <= 23.0.15

Adobe Animate 2023 0 <= 23.0.15

Adobe Animate 2024 0 <= 24.0.13

References

CVSS V3.1

Score:
8.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.