CVE-2026-48303 – Adobe Campaign Classic
“These bugs put Adobe Campaign Classic at direct risk of full-impact compromise without user interaction.”
Adobe patched two Critical vulnerabilities in Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier. CVE-2026-48303 is an incorrect authorization vulnerability that could allow arbitrary code execution in the context of the current user. CVE-2026-47938 is a server-side request forgery vulnerability that could result in privilege escalation. CVE-2026-48303 has a CVSS score of 10.0, which is Critical severity. CVE-2026-47938 has a CVSS score of 10.0, which is Critical severity.
Exploitation does not require user interaction, which raises business risk for exposed or poorly controlled deployments. No verified exploitation, zero-day activity, or public proof-of-concept activity has been confirmed.
Key Details
- Affected Product
- Adobe Campaign
- Attack Vector
- Network
- Attack Complexity
- Low
- Privileges Required
- None
- User Interaction
- None
- CWE Classification
- CWE-863