Vulnerability Description
Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim's account or session. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. Scope is changed.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Adobe | Connect | < 12.11 |
| Apple | Macos | - |
| Microsoft | Windows | - |
| Adobe | Connect Desktop Application | <= 2025.3 |
Related Weaknesses (CWE)
References
FAQ
What is CVE-2026-27243?
CVE-2026-27243 is a vulnerability with a CVSS score of 9.3 (CRITICAL). Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious scripts into a w...
How severe is CVE-2026-27243?
CVE-2026-27243 has been rated CRITICAL with a CVSS base score of 9.3/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2026-27243?
Check the references section above for vendor advisories and patch information. Affected products include: Adobe Connect, Apple Macos, Microsoft Windows, Adobe Connect Desktop Application.