CVE-2026-34615
Deserialization Vulnerability in Adobe Connect Enables Code Execution
Publication date: 2026-04-14
Last updated on: 2026-04-28
Assigner: Adobe Systems Incorporated
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| adobe | connect | to 12.11 (exc) |
| adobe | connect_desktop_application | to 2025.3 (inc) |
| adobe | connect_desktop_application | to 2025.9.15 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-502 | The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects Adobe Connect versions 2025.3, 12.10, and earlier. It is a Deserialization of Untrusted Data vulnerability, which means that the software improperly processes serialized data from untrusted sources. This flaw could allow an attacker to execute arbitrary code with the privileges of the current user without requiring any user interaction.
How can this vulnerability impact me? :
Exploitation of this vulnerability can lead to arbitrary code execution on the affected system. Since the code runs with the current user's privileges, an attacker could potentially take control of the system, access sensitive information, or perform unauthorized actions. The vulnerability does not require user interaction, increasing the risk of automatic exploitation.