OS Command Injection Vulnerability in Adobe Animate
CVE-2026-48347

7.7HIGH

Key Information:

Vendor

Adobe

Vendor
CVE Published:
14 July 2026

What is CVE-2026-48347?

Adobe Animate is susceptible to an OS Command Injection vulnerability, caused by improper neutralization of special elements used in OS commands. This flaw potentially allows an attacker to execute arbitrary code within the context of the current user. Exploiting this vulnerability necessitates user interaction, as the victim must open a specially crafted malicious file. Users of affected versions should take immediate action to safeguard their systems.

Affected Version(s)

Adobe Animate 2023 0 <= 23.0.15

Adobe Animate 2023 0 <= 23.0.15

Adobe Animate 2024 0 <= 24.0.13

References

CVSS V3.1

Score:
7.7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.