Vulners
Lucene search
Adobe Connect <= 2025.8.157 Multiple Vulnerabilities (APSB26-50)
| Reporter | Title | Published | Views | Family All 19 |
|---|---|---|---|---|
 | CVE-2026-34659 | 25 May 202622:34 | – | circl |
| CVE-2026-34660 | 25 May 202622:34 | – | circl |
 | Adobe Connect 安全漏洞 | 12 May 202600:00 | – | cnnvd |
| Adobe Connect 代码问题漏洞 | 12 May 202600:00 | – | cnnvd |
 | CVE-2026-34659 | 12 May 202618:35 | – | cve |
| CVE-2026-34660 | 12 May 202618:35 | – | cve |
 | CVE-2026-34659 Adobe Connect | Deserialization of Untrusted Data (CWE-502) | 12 May 202618:35 | – | cvelist |
| CVE-2026-34660 Adobe Connect | Incorrect Authorization (CWE-863) | 12 May 202618:35 | – | cvelist |
 | EUVD-2026-29740 | 12 May 202621:31 | – | euvd |
| EUVD-2026-29741 | 12 May 202621:31 | – | euvd |
10
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(314677);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2026/05/28");
script_cve_id("CVE-2026-34659", "CVE-2026-34660");
script_xref(name:"IAVB", value:"2026-B-0124");
script_name(english:"Adobe Connect <= 2025.8.157 Multiple Vulnerabilities (APSB26-50)");
script_set_attribute(attribute:"synopsis", value:
"The remote web server contains an application that is affected by
multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The version of Adobe Connect installed on the remote host is prior to 2026.01.39. It is, therefore, affected by multiple
vulnerabilities as referenced in the apsb26-50 advisory.
- Adobe Connect versions 2025.9.15, 2025.8.157 and earlier are affected by a Deserialization of Untrusted
Data vulnerability that could result in arbitrary code execution in the context of the current user. An
attacker could exploit this vulnerability to execute arbitrary code. Exploitation of this issue requires
user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web
page. Scope is changed. (CVE-2026-34659)
- Adobe Connect versions 2025.9.15, 2025.8.157 and earlier are affected by an Incorrect Authorization
vulnerability that could result in arbitrary code execution in the context of the current user. An
attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining
elevated access or control over the victim's account or session. Exploitation of this issue requires user
interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page.
Scope is changed. (CVE-2026-34660)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/connect/apsb26-50.html");
script_set_attribute(attribute:"solution", value:
"Upgrade to Adobe Connect version 2026.01.39 or later.");
script_set_attribute(attribute:"agent", value:"all");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2026-34659");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(502, 863);
script_set_attribute(attribute:"vuln_publication_date", value:"2026/05/12");
script_set_attribute(attribute:"patch_publication_date", value:"2026/05/12");
script_set_attribute(attribute:"plugin_publication_date", value:"2026/05/14");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:connect");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CGI abuses");
script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("adobe_connect_detect.nbin");
script_require_keys("installed_sw/Adobe Connect");
script_require_ports("Services/www", 80, 443);
exit(0);
}
include('vcf.inc');
include('http.inc');
var port = get_http_port(default:80);
var app_info = vcf::get_app_info(app:'Adobe Connect', port:port, webapp:TRUE);
var constraints = [
{ 'max_version' : '2025.8.157', 'fixed_version' : '2026.01.39' },
{ 'max_version' : '2025.9.15', 'fixed_version' : '2026.3.125' }
];
vcf::check_version_and_report(
app_info:app_info,
constraints:constraints,
severity:SECURITY_HOLE
);
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
28 May 2026 00:00Current
6.5Medium risk
Vulners AI Score6.5
CVSS 3.19.6
EPSS0.03743
SSVC