CVE-2026-21271:

Improper input validation vulnerability in Adobe Dreamweaver Desktop versions 21.6 and earlier could allow arbitrary code execution.

Score
A numerical rating that indicates how dangerous this vulnerability is.

8.6High

Published Date:Jan 13, 2026
CISA KEV Date:*No Data*
Industries Affected:20

Threat Predictions

EPSS Score:0.1
EPSS Percentile:19%

Exploitability

Score:1.8
Attack Vector:LOCAL
Attack Complexity:LOW
Privileges Required:NONE
User Interaction:REQUIRED
Scope:CHANGED

Impact

Score:6.0
Confidentiality Impact:HIGH
Integrity Impact:HIGH
Availability Impact:HIGH

Description Preview

Improper input validation vulnerability in Adobe Dreamweaver Desktop versions 21.6 and earlier could allow arbitrary code execution.

Overview

CVE-2026-21271 is a high-severity vulnerability affecting Adobe Dreamweaver Desktop. It stems from improper input validation, which could allow an attacker to execute arbitrary code. The vulnerability has a CVSS v3.1 base score of 8.6, indicating a high level of risk. The attack vector is local, requiring low attack complexity and no privileges, but user interaction is necessary for exploitation. The potential impact on confidentiality, integrity, and availability is high. This vulnerability is associated with CWE-20, which relates to improper input validation.

Remediation

To mitigate this vulnerability, users and administrators should take the following steps:
1. Update Adobe Dreamweaver Desktop to the latest version as soon as it becomes available.
2. Exercise caution when opening files from untrusted sources in Dreamweaver.
3. Implement the principle of least privilege for user accounts running Dreamweaver.
4. Consider using application whitelisting or other security measures to prevent unauthorized code execution.
5. Monitor Adobe's security bulletins for further updates and patches related to this vulnerability.