CVE-2026-47991

Analyzed Analyzed - Analysis Complete

Improper Redirect in Adobe Experience Manager

Publication date: 2026-06-09

Last updated on: 2026-06-10

Assigner: Adobe Systems Incorporated

Description

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by an Improper Redirect (Open Redirect) vulnerability that could lead to account takeover. An attacker could construct a malicious URL that redirects a victim to an attacker-controlled site. Exploitation of this issue requires user interaction in that a victim must click on a malicious link.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-06-09

Last Modified

2026-06-10

Generated

2026-06-30

AI Q&A

2026-06-09

EPSS Evaluated

2026-06-28

NVD

CVE-2026-47991

EUVD

EUVD-2026-35624

Affected Vendors & Products

Vendor	Product	Version / Range
adobe	experience_manager	6.5
adobe	experience_manager	6.5
adobe	experience_manager	to 6.5.25.0 (exc)
adobe	experience_manager	to 2026.5.0 (exc)

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-601	The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

Attack-Flow Graph

Executive Summary

This vulnerability is an Improper Redirect (Open Redirect) issue found in Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier. It allows an attacker to create a malicious URL that, when clicked by a victim, redirects them to an attacker-controlled website.

Exploitation requires user interaction, meaning the victim must click on the malicious link for the attack to succeed.

Impact Analysis

The vulnerability could lead to an account takeover by redirecting victims to attacker-controlled sites, potentially enabling phishing or other malicious activities.

Hi! I’m here to help you understand CVE-2026-47991. Ask me anything about the vulnerability, its impact, or mitigation strategies.

0/70