Incorrect Authorization Vulnerability in Adobe Animate
CVE-2026-48348

7.7HIGH

Key Information:

Vendor

Adobe

Vendor
CVE Published:
14 July 2026

What is CVE-2026-48348?

Adobe Animate possesses an Incorrect Authorization vulnerability that may allow an attacker to execute arbitrary code within the context of the current user. This exploitation requires specific user interactions, as the victim must open a maliciously crafted file. The scope of the vulnerability changes under certain conditions, emphasizing the need for users to remain vigilant about file origins and security practices.

Affected Version(s)

Adobe Animate 2023 0 <= 23.0.15

Adobe Animate 2023 0 <= 23.0.15

Adobe Animate 2024 0 <= 24.0.13

References

CVSS V3.1

Score:
7.7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.