Vulnerability Description
Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Cross-Site Scripting (XSS) vulnerability that could result in privilege escalation. A low-privileged attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim's account or session. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. Scope is changed.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Adobe | Connect | < 12.11 |
| Apple | Macos | - |
| Microsoft | Windows | - |
| Adobe | Connect Desktop Application | <= 2025.3 |
Related Weaknesses (CWE)
References
FAQ
What is CVE-2026-34617?
CVE-2026-34617 is a vulnerability with a CVSS score of 8.7 (HIGH). Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Cross-Site Scripting (XSS) vulnerability that could result in privilege escalation. A low-privileged attacker could exploit this vuln...
How severe is CVE-2026-34617?
CVE-2026-34617 has been rated HIGH with a CVSS base score of 8.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-34617?
Check the references section above for vendor advisories and patch information. Affected products include: Adobe Connect, Apple Macos, Microsoft Windows, Adobe Connect Desktop Application.