CVE-2026-34693 – Adobe Experience Manager Forms JEE
“A form field should collect data, not become a path to account compromise.”
Adobe patched two Cross-Site Scripting vulnerabilities in Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0, and earlier. CVE-2026-34691 is a stored XSS vulnerability with a CVSS score of 9.3, which is Critical severity. CVE-2026-34693 is a reflected XSS vulnerability with a CVSS score of 8.0, which is High severity.
Successful exploitation could allow malicious JavaScript to run in a victim’s browser, potentially giving an attacker elevated access or control over the victim’s account or session. CVE-2026-34693 requires user interaction through a crafted URL or compromised web page. No verified exploitation, zero-day activity, or public proof-of-concept activity has been confirmed.
Key Details
- Affected Product
- Adobe Experience Manager
- Attack Vector
- Network
- Attack Complexity
- High
- Privileges Required
- None
- User Interaction
- Required
- CWE Classification
- CWE-79