CVE-2026-21268:

Improper input validation vulnerability in Adobe Dreamweaver Desktop versions 21.6 and earlier allows arbitrary code execution.

Score
A numerical rating that indicates how dangerous this vulnerability is.

8.6High

Published Date:Jan 13, 2026
CISA KEV Date:*No Data*
Industries Affected:20

Threat Predictions

EPSS Score:0.1
EPSS Percentile:19%

Exploitability

Score:1.8
Attack Vector:LOCAL
Attack Complexity:LOW
Privileges Required:NONE
User Interaction:REQUIRED
Scope:CHANGED

Impact

Score:6.0
Confidentiality Impact:HIGH
Integrity Impact:HIGH
Availability Impact:HIGH

Description Preview

Improper input validation vulnerability in Adobe Dreamweaver Desktop versions 21.6 and earlier allows arbitrary code execution.

Overview

CVE-2026-21268 is a high-severity vulnerability affecting Adobe Dreamweaver Desktop. It stems from improper input validation, potentially allowing attackers to execute arbitrary code. The vulnerability has a CVSS v3.1 base score of 8.6, categorized as HIGH severity. The attack vector is local, with low attack complexity and no privileges required. User interaction is necessary for exploitation, typically involving opening a malicious file. The vulnerability can impact confidentiality, integrity, and availability, all rated as HIGH. The changed scope suggests potential broader system impact beyond the vulnerable component.

Remediation

To mitigate this vulnerability, users and administrators should take the following actions:
1. Update Adobe Dreamweaver Desktop to the latest version as soon as it becomes available.
2. Exercise caution when opening files from untrusted sources in Dreamweaver.
3. Implement the principle of least privilege for user accounts running Dreamweaver.
4. Consider using application whitelisting or other security measures to prevent unauthorized code execution.
5. Monitor Adobe's security bulletins for further updates and patches related to this vulnerability.