Platform
adobe
Component
adobe-connect
Fixed in
12.10.1
CVE-2026-34617 describes a Cross-Site Scripting (XSS) vulnerability present in Adobe Connect versions 2025.3 and earlier, including 12.10. Successful exploitation could allow a low-privileged attacker to inject malicious scripts, potentially leading to privilege escalation and compromise of user accounts or sessions. The vulnerability impacts versions from 0.0.0 through 12.10, and a fix is available in version 2025.3.
This XSS vulnerability in Adobe Connect allows an attacker to inject arbitrary JavaScript code into a web page viewed by other users. This can be leveraged to steal session cookies, redirect users to phishing sites, or even execute malicious code in the context of the user's browser. The impact is particularly severe if the attacker can target administrators or users with elevated privileges, potentially granting them full control over the Adobe Connect instance. The scope of this vulnerability has been updated, indicating a potentially broader impact than initially assessed.
CVE-2026-34617 was publicly disclosed on 2026-04-14. No public proof-of-concept (POC) code has been released at the time of writing, but the XSS nature of the vulnerability makes it likely that exploits will emerge. The vulnerability's severity (CVSS 8.7) suggests a medium probability of exploitation. It is not currently listed on the CISA KEV catalog.
Organizations heavily reliant on Adobe Connect for webinars, training sessions, or internal communications are at significant risk. Specifically, environments with shared user accounts or those lacking robust input validation practices are more vulnerable. Users who frequently interact with external content within Adobe Connect are also at increased risk.
• adobe / web:
    grep -r 'script src=' /var/www/adobeconnect/includes/common/*.js
• generic web:
    curl -sI https://your-adobeconnect-server/malicious.html | grep -i content-security-policy
• generic web:
    curl -sI https://your-adobeconnect-server/ | grep -i x-frame-options
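Added example (not from the original page or from Adobe): a POSIX shell function that reads a header dump such as `curl -sI` output and reports what the two header checks above look for. It goes slightly further by inspecting the script policy inside the CSP and by accepting `frame-ancestors` as framing protection; the finding names and the sample response are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Adobe's tooling. Reads response headers on stdin
# (e.g. `curl -sI https://your-adobeconnect-server/ | audit_headers`)
# and prints space-separated findings; empty output means no findings.

# Print the source list of directive $2 from CSP policy $1.
directive() {
    printf '%s\n' "$1" | tr ';' '\n' | sed -n "s/^ *$2  *//p" | head -n 1
}

audit_headers() {
    # HTTP header lines end in CRLF and names are case-insensitive.
    hdrs=$(tr -d '\r' | tr '[:upper:]' '[:lower:]')
    csp=$(printf '%s\n' "$hdrs" | sed -n 's/^content-security-policy: *//p')
    xfo=$(printf '%s\n' "$hdrs" | sed -n 's/^x-frame-options: *//p')
    findings=""

    if [ -z "$csp" ]; then
        findings="$findings csp-missing"
    else
        # script-src governs scripts; default-src is its fallback.
        src=$(directive "$csp" script-src)
        [ -n "$src" ] || src=$(directive "$csp" default-src)
        case "$src" in
            "") findings="$findings csp-no-script-policy" ;;
            # Browsers ignore 'unsafe-inline' when a nonce or hash is present.
            *"'nonce-"*|*"'sha256-"*|*"'sha384-"*|*"'sha512-"*) ;;
            *"'unsafe-inline'"*) findings="$findings csp-unsafe-inline" ;;
        esac
    fi

    # Framing is restricted by CSP frame-ancestors or X-Frame-Options.
    framed=""
    [ -z "$(directive "$csp" frame-ancestors)" ] || framed=ok
    case "$xfo" in deny|sameorigin) framed=ok ;; esac
    [ -n "$framed" ] || findings="$findings framing-unrestricted"

    echo "${findings# }"
}

# Constructed sample response, not captured from a real server.
printf "HTTP/1.1 200 OK\r\nContent-Security-Policy: default-src 'self' 'unsafe-inline'\r\n\r\n" | audit_headers
```

A clean result here only describes the response headers; it does not show whether the installed Adobe Connect version contains the fix.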
Exploit status
EPSS
0.04% (13th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-34617 is to upgrade Adobe Connect to version 2025.3 or later, which contains the fix. If immediate upgrading is not possible, consider implementing strict input validation and output encoding on all user-supplied data within Adobe Connect. Web Application Firewalls (WAFs) can be configured to detect and block malicious script injections. Regularly review Adobe Connect logs for suspicious activity, particularly requests containing unusual characters or patterns.
Update Adobe Connect to version 2025.3 or later to mitigate the XSS vulnerability. See the Adobe Security Bulletin APSB26-37 page for more details and update instructions.
CVE-2026-34617 is a Cross-Site Scripting (XSS) vulnerability affecting Adobe Connect versions 0.0.0–12.10, allowing attackers to inject malicious scripts.
If you are using Adobe Connect versions 0.0.0 through 12.10, you are potentially affected by this vulnerability.
Upgrade Adobe Connect to version 2025.3 or later to remediate the vulnerability. Implement input validation and WAF rules as interim measures.
There is currently no evidence of active exploitation in the wild, but the HIGH severity score warrants immediate attention.
Refer to the official Adobe Security Bulletin for CVE-2026-34617 on the Adobe Security Advisories website.