CVE-2026-48252
8.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
Summary
Adobe Experience Manager is affected by a Missing Authentication for Critical Function vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue does not require user interaction. Scope is changed.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Adobe | Adobe Experience Manager as a Cloud Service | 0 <= 2026.5.0 | affected |
| Adobe | Adobe Experience Manager as a Cloud Service | 2026.6.0 | unaffected |
| Adobe | Adobe Experience Manager 6.5 LTS | 0 <= SP1 | affected |
| Adobe | Adobe Experience Manager 6.5 LTS | SP2 - Hotfix for NPR-43972 | unaffected |
| Adobe | Adobe Experience Manager 6.5 | 0 <= 6.5.24 | affected |
| Adobe | Adobe Experience Manager 6.5 | 6.5.25 - Hotfix for NPR-43972 | unaffected |
Weaknesses
- CWE-306: Missing Authentication for Critical Function (CWE-306)
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.