CVE-2026-47908 – Dreamweaver Desktop
“Opening a malicious project file should never become a path to code execution or data exposure.”
Adobe patched multiple vulnerabilities in Dreamweaver Desktop version 21.7 and earlier. CVE-2026-47906 has a CVSS score of 8.6, which is High severity. CVE-2026-47907 has a CVSS score of 8.2, which is High severity. CVE-2026-47908 has a CVSS score of 7.8, which is High severity.
The vulnerabilities include a dependency on a vulnerable third-party component, improper access control, and an uninitialized pointer issue. Successful exploitation could result in arbitrary code execution or unauthorized access to sensitive files and directories. All three vulnerabilities require user interaction, as a victim must open a malicious file. No verified exploitation, zero-day activity, or public proof-of-concept activity has been confirmed.
Key Details
- Affected Product
- Adobe Dreamweaver
- Attack Vector
- Local
- Attack Complexity
- Low
- Privileges Required
- None
- User Interaction
- Required
- CWE Classification
- CWE-824