CVE-2026-47907

Analyzed Analyzed - Analysis Complete

Improper Access Control in Adobe Dreamweaver

Publication date: 2026-06-09

Last updated on: 2026-06-29

Assigner: Adobe Systems Incorporated

Description

Dreamweaver Desktop versions 21.7 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to execute arbitrary code. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-06-09

Last Modified

2026-06-29

Generated

2026-06-30

AI Q&A

2026-06-10

EPSS Evaluated

2026-06-28

NVD

CVE-2026-47907

EUVD

EUVD-2026-35804

Affected Vendors & Products

Vendor	Product	Version / Range
adobe	dreamweaver	to 21.8 (exc)

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-284	The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Attack-Flow Graph

Executive Summary

This vulnerability affects Dreamweaver Desktop versions 21.7 and earlier. It is an Improper Access Control issue that allows an attacker to read arbitrary files on the file system. To exploit this vulnerability, an attacker needs the victim to open a malicious file, which then enables access to sensitive files and directories outside the intended scope.

Impact Analysis

Exploitation of this vulnerability can lead to unauthorized disclosure of sensitive information by allowing an attacker to read files that should be protected. This could compromise confidentiality and potentially expose critical data, depending on the files accessed.

Compliance Impact

This vulnerability in Dreamweaver Desktop versions 21.7 and earlier allows an attacker to read arbitrary files on the file system, potentially accessing sensitive files and directories outside the intended scope.

Such unauthorized access to sensitive data could lead to violations of data protection regulations and standards like GDPR and HIPAA, which require strict controls on access to personal and sensitive information.

However, exploitation requires user interaction, specifically opening a malicious file, which may limit the risk but does not eliminate the compliance concerns.

Mitigation Strategies

To mitigate this vulnerability, ensure that users do not open malicious files that could exploit the improper access control in Dreamweaver Desktop versions 21.7 and earlier.

Consider updating Dreamweaver Desktop to a version later than 21.7 once a patch is available to address this issue.

Limit user privileges and educate users about the risks of opening untrusted files to reduce the chance of exploitation.

Hi! I’m here to help you understand CVE-2026-47907. Ask me anything about the vulnerability, its impact, or mitigation strategies.

0/70