CVE-2026-47910

Analyzed Analyzed - Analysis Complete

Incorrect Authorization in Adobe Dreamweaver Leading to Arbitrary File Read

Publication date: 2026-06-09

Last updated on: 2026-06-11

Assigner: Adobe Systems Incorporated

Description

Dreamweaver Desktop versions 21.7 and earlier are affected by an Incorrect Authorization vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-06-09

Last Modified

2026-06-11

Generated

2026-06-30

AI Q&A

2026-06-10

EPSS Evaluated

2026-06-28

NVD

CVE-2026-47910

EUVD

EUVD-2026-35805

Affected Vendors & Products

Vendor	Product	Version / Range
adobe	dreamweaver	to 21.8 (exc)

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-863	The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

Attack-Flow Graph

Executive Summary

This vulnerability affects Dreamweaver Desktop versions 21.7 and earlier. It is an Incorrect Authorization issue that allows an attacker to read arbitrary files on the file system. To exploit this vulnerability, an attacker needs the victim to open a malicious file, which then enables access to sensitive files and directories outside the intended access scope.

Impact Analysis

The impact of this vulnerability is that an attacker could gain unauthorized access to sensitive files and directories on your system by tricking you into opening a malicious file. This could lead to exposure of confidential information, potentially compromising your data privacy and security.

Mitigation Strategies

To mitigate this vulnerability, ensure that users do not open malicious files that could exploit the incorrect authorization issue in Dreamweaver Desktop versions 21.7 and earlier.

Consider updating Dreamweaver Desktop to a version later than 21.7 once a patch is available to address this vulnerability.

Limit user privileges and educate users about the risks of opening untrusted files to reduce the chance of exploitation.

Compliance Impact

This vulnerability allows an attacker to read arbitrary files on the file system by exploiting incorrect authorization, potentially exposing sensitive files and directories outside the intended access scope.

Such unauthorized access to sensitive data could lead to non-compliance with data protection regulations and standards like GDPR and HIPAA, which require strict controls on access to personal and sensitive information.

However, exploitation requires user interaction, specifically opening a malicious file, which may limit the risk but does not eliminate the compliance concerns.

Hi! I’m here to help you understand CVE-2026-47910. Ask me anything about the vulnerability, its impact, or mitigation strategies.

0/70