CVE-2026-34617:
Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Cross-Site Scripting (XSS) vulnerability that could result in privilege escalation. A low-privileged attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim's account or session. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. Scope is changed.
Score
A numerical rating that indicates how dangerous this vulnerability is.
8.7High- Published Date:Apr 14, 2026
- CISA KEV Date:*No Data*
- Industries Affected:20
Exploitability
- Score:2.3
- Attack Vector:NETWORK
- Attack Complexity:LOW
- Privileges Required:LOW
- User Interaction:REQUIRED
- Scope:CHANGED
Impact
- Score:5.8
- Confidentiality Impact:HIGH
- Integrity Impact:HIGH
- Availability Impact:NONE
Description Preview
Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Cross-Site Scripting (XSS) vulnerability that could result in privilege escalation. A low-privileged attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim's account or session. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. Scope is changed.
Industries Affected
Below is a list of industries most commonly impacted or potentially at risk based on intelligence.
