1. Home
  2. CVE Database
  3. CVE-2026-34660
CRITICAL · 9.3

CVE-2026-34660

Adobe Connect versions 2025.9.15, 2025.8.157 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. An a...

Vulnerability Description

Adobe Connect versions 2025.9.15, 2025.8.157 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim's account or session. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. Scope is changed.

CVSS Score

9.3

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
NONE

Affected Products

VendorProductVersions
AdobeConnect Desktop Application<= 2025.8.157

Related Weaknesses (CWE)

CWE-863

References

FAQ

What is CVE-2026-34660?

CVE-2026-34660 is a vulnerability with a CVSS score of 9.3 (CRITICAL). Adobe Connect versions 2025.9.15, 2025.8.157 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. An a...

How severe is CVE-2026-34660?

CVE-2026-34660 has been rated CRITICAL with a CVSS base score of 9.3/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2026-34660?

Check the references section above for vendor advisories and patch information. Affected products include: Adobe Connect Desktop Application.