CVE-2026-48303
Received Received - Intake
Incorrect Authorization in Adobe Campaign Classic Leading to Arbitrary Code Execution

Publication date: 2026-06-09

Last updated on: 2026-06-09

Assigner: Adobe Systems Incorporated

Description
Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-09
Last Modified
2026-06-09
Generated
2026-06-10
AI Q&A
2026-06-10
EPSS Evaluated
N/A
NVD
CVE-2026-48303
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
adobe campaign_classic to 7.4.4 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-863 The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability affects Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier. It is an Incorrect Authorization vulnerability that allows an attacker to execute arbitrary code with the privileges of the current user. The exploitation does not require any user interaction, and the scope of the impact is changed.

Impact Analysis

The vulnerability can lead to arbitrary code execution in the context of the current user without requiring any user interaction. This means an attacker could potentially take full control over the affected system or application, leading to severe consequences such as data theft, system compromise, or disruption of services.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-48303. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart