CVE-2026-34659

CRITICAL

Adobe Connect | Deserialization of Untrusted Data (CWE-502)

Title source: cna

Description

Adobe Connect versions 2025.9.15, 2025.8.157 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to execute arbitrary code. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. Scope is changed.

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory

https://helpx.adobe.com/security/products/connect/apsb26-50.html

Scores

CVSS v3 9.6

EPSS 0.0374

EPSS Percentile 88.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-502

Status published

Products (3)

Adobe/Adobe Connect < 2025.8.157

adobe/connect_desktop_application 2025.9.15

adobe/connect_desktop_application < 2025.8.157

Published May 12, 2026

Tracked Since May 13, 2026