CVE-2026-21267:

Adobe Dreamweaver Desktop versions 21.6 and earlier are vulnerable to OS Command Injection, potentially allowing arbitrary code execution.

Score
A numerical rating that indicates how dangerous this vulnerability is.

8.6High

Published Date:Jan 13, 2026
CISA KEV Date:*No Data*
Industries Affected:20

Threat Predictions

EPSS Score:0.0
EPSS Percentile:9%

Exploitability

Score:1.8
Attack Vector:LOCAL
Attack Complexity:LOW
Privileges Required:NONE
User Interaction:REQUIRED
Scope:CHANGED

Impact

Score:6.0
Confidentiality Impact:HIGH
Integrity Impact:HIGH
Availability Impact:HIGH

Description Preview

Adobe Dreamweaver Desktop versions 21.6 and earlier are vulnerable to OS Command Injection, potentially allowing arbitrary code execution.

Overview

The vulnerability in Adobe Dreamweaver Desktop is severe, with a CVSS v3.1 base score of 8.6, categorized as HIGH severity. The attack vector is local, requiring low attack complexity and no privileges. User interaction is necessary for exploitation, and the scope is changed. The potential impact on confidentiality, integrity, and availability is high. This vulnerability is associated with CWE-78, which relates to OS Command Injection. The flaw allows an attacker to execute arbitrary commands on the operating system, potentially leading to full system compromise.

Remediation

To mitigate this vulnerability, users and administrators should take the following actions:
Update Adobe Dreamweaver Desktop to the latest version as soon as it becomes available. Monitor Adobe's security bulletins for patch releases. Implement the principle of least privilege for user accounts running Dreamweaver. Exercise caution when opening files from untrusted sources. Consider implementing application whitelisting to prevent unauthorized code execution. Educate users about the risks of opening suspicious files or attachments. Regularly backup important data to minimize potential impact of exploitation.