CVE-2026-21274
Incorrect Authorization in Adobe Dreamweaver Allows Code Execution
Publication date: 2026-01-13
Last updated on: 2026-01-13
Assigner: Adobe Systems Incorporated
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| adobe | dreamweaver | to 21.6 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-863 | The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Dreamweaver Desktop versions 21.6 and earlier is an Incorrect Authorization issue that allows an attacker to bypass security measures and execute arbitrary code with the privileges of the current user. Exploitation requires the victim to open a malicious file, enabling unauthorized code execution.
How can this vulnerability impact me? :
If exploited, this vulnerability can lead to arbitrary code execution in the context of the current user, potentially allowing attackers to perform unauthorized actions, compromise system integrity, steal data, or disrupt operations.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should update Dreamweaver Desktop to a version later than 21.6 where the issue is fixed. Additionally, avoid opening files from untrusted sources to prevent exploitation since user interaction is required.