CVE-2026-47906 – Dreamweaver Desktop

CVSS 8.6 IMPORTANT High with EoP or RCE – Expedited Deployment

“Opening a malicious project file should never become a path to code execution or data exposure.”

Adobe patched multiple vulnerabilities in Dreamweaver Desktop version 21.7 and earlier. CVE-2026-47906 has a CVSS score of 8.6, which is High severity. CVE-2026-47907 has a CVSS score of 8.2, which is High severity. CVE-2026-47908 has a CVSS score of 7.8, which is High severity.

The vulnerabilities include a dependency on a vulnerable third-party component, improper access control, and an uninitialized pointer issue. Successful exploitation could result in arbitrary code execution or unauthorized access to sensitive files and directories. All three vulnerabilities require user interaction, as a victim must open a malicious file. No verified exploitation, zero-day activity, or public proof-of-concept activity has been confirmed.

Key Details

Affected Product
Adobe Dreamweaver
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Patch this CVE on all your endpoints in under 5 minutes. First 200 endpoints are free forever, scale as needed.