CRITICAL🇵🇱 Wersja polska

CVE-2026-48303

CVSS 10.0v3.1pub. 2026-06-09upd. 2026-06-12

Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed.

🤖 AI Analysis
How it works

The vulnerability consists of improper authorization verification (Incorrect Authorization) in Adobe Campaign Classic. An unauthenticated attacker operating over the network can, without any additional prerequisites and without user interaction, send a specially crafted request that leads to execution of arbitrary code in the context of the current application user. Since the scope is changed (Scope: Changed), the impact may extend beyond the directly attacked system component.

Impact

An attacker can execute arbitrary code on the server with Adobe Campaign Classic process privileges, which in practice means full control over the system, theft of marketing campaign data and personal data of customers, and potential lateral movement in the network environment.

Mitigation & patch

Apply patches available from the vendor immediately in accordance with the official Adobe security bulletin: https://helpx.adobe.com/security/products/campaign/apsb26-66.html. Until the update is applied, it is recommended to restrict network access to the ACC instance to trusted IP addresses only and monitor logs for unexpected requests.

Who is affected

Adobe Campaign Classic (ACC) version 7.4.3 build 9394 and all earlier versions.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Adobe Campaign

    APP
    Adobe
    7.4.3< 7.4.3
  • Linux Kernel

    OS
    Linux
    wszystkie wersje
  • Microsoft Windows

    OS
    Microsoft
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2026-8398CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Atak na łańcuch dostaw DAEMON Tools Lite — trojanizacja instalatorów

CVE-2025-10585CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty

CVE-2025-34028CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Commvault Command Center – nieuwierzytelniony RCE przez path traversal w ZIP

CVE-2024-7262CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Path Traversal w Kingsoft WPS Office — ładowanie dowolnej biblioteki Windows

CVE-2024-4577CRITICAL9.8⚠ KEVPL ✓ten sam produkt

PHP CGI argument injection – RCE na Windows przez mechanizm Best-Fit