CVE-2026-48303 – Adobe Campaign Classic

CVSS 10 CRITICAL Critical or Zero Day – Immediate Deployment

“These bugs put Adobe Campaign Classic at direct risk of full-impact compromise without user interaction.”

Adobe patched two Critical vulnerabilities in Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier. CVE-2026-48303 is an incorrect authorization vulnerability that could allow arbitrary code execution in the context of the current user. CVE-2026-47938 is a server-side request forgery vulnerability that could result in privilege escalation. CVE-2026-48303 has a CVSS score of 10.0, which is Critical severity. CVE-2026-47938 has a CVSS score of 10.0, which is Critical severity.

Exploitation does not require user interaction, which raises business risk for exposed or poorly controlled deployments. No verified exploitation, zero-day activity, or public proof-of-concept activity has been confirmed.

Key Details

Affected Product
Adobe Campaign
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
CWE Classification
CWE-863
Patch this CVE on all your endpoints in under 5 minutes. First 200 endpoints are free forever, scale as needed.