CVE-2026-47991
Status: Undergoing Analysis - In Progress
Improper Redirect in Adobe Experience Manager

Publication date: 2026-06-09

Last updated on: 2026-06-09

Assigner: Adobe Systems Incorporated

Description
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by an Improper Redirect (Open Redirect) vulnerability that could lead to account takeover. An attacker could construct a malicious URL that redirects a victim to an attacker-controlled site. Exploitation of this issue requires user interaction in that a victim must click on a malicious link.
Meta Information
Published: 2026-06-09
Last Modified: 2026-06-09
Generated: 2026-06-10
AI Q&A: 2026-06-09
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 1 associated CPE
Vendor: adobe
Product: experience_manager
Version / Range: to 6.5.24 (inc)
CWE ID: CWE-601
CWE Description: The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.
Executive Summary

This vulnerability is an Improper Redirect (Open Redirect) issue found in Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier. It allows an attacker to create a malicious URL that, when clicked by a victim, redirects them to an attacker-controlled website.

Exploitation requires user interaction, meaning the victim must click on the malicious link for the attack to succeed.

Impact Analysis

The vulnerability could lead to an account takeover by redirecting victims to attacker-controlled sites, potentially enabling phishing or other malicious activities.
