CVE-2026-47991

CVE Database · CVE-2026-47991

CVE-2026-47991

· MEDIUMAnalyzed

CVSS v3.1

4.3

EPSS

0.25%

Published

Jun 9, 2026

Modified

Jun 10, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by an Improper Redirect (Open Redirect) vulnerability that could lead to account takeover. An attacker could construct a malicious URL that redirects a victim to an attacker-controlled site. Exploitation of this issue requires user interaction in that a victim must click on a malicious link.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Weaknesses (CWE)

CWE-601

Affected Products (4)

adobe · experience_manager (up to 6.5.25.0)vulnerable

adobe · experience_manager (up to 2026.5.0)vulnerable

adobe · experience_managervulnerable

References (1)

https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs