CVE-2026-47909

Analyzed Analyzed - Analysis Complete

Improper Input Validation in Adobe Dreamweaver

Publication date: 2026-06-09

Last updated on: 2026-06-11

Assigner: Adobe Systems Incorporated

Description

Dreamweaver Desktop versions 21.7 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-06-09

Last Modified

2026-06-11

Generated

2026-06-30

AI Q&A

2026-06-10

EPSS Evaluated

2026-06-28

NVD

CVE-2026-47909

EUVD

EUVD-2026-35806

Affected Vendors & Products

Vendor	Product	Version / Range
adobe	dreamweaver	to 21.8 (exc)

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-20	The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Attack-Flow Graph

Executive Summary

This vulnerability affects Dreamweaver Desktop versions 21.7 and earlier. It is an Improper Input Validation issue that allows an attacker to read arbitrary files on the file system. To exploit this vulnerability, an attacker needs the victim to open a malicious file, which then enables access to sensitive files and directories outside the intended scope.

Impact Analysis

The vulnerability can lead to unauthorized access to sensitive files and directories on the affected system. This could expose confidential information, potentially leading to data breaches or leakage of private data. Since the scope is changed, the attacker can access files beyond the originally intended access boundaries.

Compliance Impact

This vulnerability allows an attacker to read arbitrary files on the file system by exploiting improper input validation, potentially exposing sensitive files and directories outside the intended access scope.

Such unauthorized access to sensitive data could lead to violations of data protection regulations and standards like GDPR and HIPAA, which require strict controls on access to personal and sensitive information.

However, exploitation requires user interaction, specifically opening a malicious file, which may reduce the likelihood but does not eliminate the risk of non-compliance due to data exposure.

Mitigation Strategies

To mitigate this vulnerability, ensure that users do not open malicious files in affected versions of Dreamweaver Desktop (version 21.7 and earlier).

Consider updating to a version later than 21.7 once a patch is available from Adobe to address the improper input validation issue.

Hi! I’m here to help you understand CVE-2026-47909. Ask me anything about the vulnerability, its impact, or mitigation strategies.

0/70