Incorrect Authorization in Adobe Campaign Classic Leading to Arbitrary Code Execution

Publication date: 2026-06-09

Last updated on: 2026-06-12

Assigner: Adobe Systems Incorporated

Description

Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-06-09

Last Modified

2026-06-12

Generated

2026-06-30

AI Q&A

2026-06-10

EPSS Evaluated

2026-06-28

NVD

CVE-2026-48303

Affected Vendors & Products

Vendor	Product	Version / Range
adobe	campaign	to 7.4.3 (exc)
adobe	campaign	7.4.3

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-863	The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

Attack-Flow Graph

Executive Summary

This vulnerability affects Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier. It is an Incorrect Authorization vulnerability that allows an attacker to execute arbitrary code with the privileges of the current user. The exploitation does not require any user interaction, and the scope of the impact is changed.

Impact Analysis

The vulnerability can lead to arbitrary code execution in the context of the current user without requiring any user interaction. This means an attacker could potentially take full control over the affected system or application, leading to severe consequences such as data theft, system compromise, or disruption of services.

Hi! I’m here to help you understand CVE-2026-48303. Ask me anything about the vulnerability, its impact, or mitigation strategies.

0/70