High severity 8.7 · NVD Advisory · Published Apr 14, 2026 · Updated Apr 22, 2026
CVE-2026-34617
Description
Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Cross-Site Scripting (XSS) vulnerability that could result in privilege escalation. A low-privileged attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim's account or session. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. Scope is changed.
Affected products
- cpe:2.3:a:adobe:connect_desktop_application:*:*:*:*:*:macos:*:* (range: <=2025.3)
- cpe:2.3:a:adobe:connect_desktop_application:*:*:*:*:*:windows:*:* (range: <2025.9.15)
Patches
No patches discovered yet.
References
- helpx.adobe.com/security/products/connect/apsb26-37.html (NVD, Vendor Advisory)
News mentions
- Keycard helps developers secure autonomous AI agents with scoped access · Help Net Security · May 15, 2026
- Zombie linkages are keeping expired domains trusted for years · Help Net Security · May 15, 2026
- Frequently asked questions about the continued exploitation of Cisco Catalyst SD-WAN vulnerabilities (CVE-2026-20182) · Tenable Blog · May 15, 2026
- Fragnesia (CVE-2026-46300): Frequently asked questions about new Linux Kernel XFRM ESP-in-TCP privilege escalation · Tenable Blog · May 14, 2026
- Ongoing exploitation of Cisco Catalyst SD-WAN vulnerabilities · Cisco Talos Intelligence · May 14, 2026
- Foxconn Attack Highlights Manufacturing's Cyber Crisis · Dark Reading · May 14, 2026
- Microsoft turns Copilot Studio into an AI agent control center · Help Net Security · May 14, 2026
- Machine identities outnumber humans 109 to 1 · Help Net Security · May 14, 2026
- Checkbox Assessments Aren't Fit to Measure Risk · Dark Reading · May 13, 2026
- Bug hunter tracks down three massive MCP flaws and one vendor won't fix theirs · The Register Security · May 13, 2026
- When IT Support Calls: Dissecting a ModeloRAT Campaign from Teams to Domain Compromise · Rapid7 Blog · May 13, 2026
- Securing data centers in the agentic AI era · Tenable Blog · May 13, 2026
- [Webinar] How Modern Attack Paths Cross Code, Pipelines, and Cloud · The Hacker News · May 13, 2026
- Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws · The Hacker News · May 13, 2026
- It's Patch Tuesday for Microsoft & Not a Zero-Day In Sight · Dark Reading · May 12, 2026
- Microsoft’s May 2026 Patch Tuesday Addresses 118 CVEs (CVE-2026-41103) · Tenable Blog · May 12, 2026
- Škoda warns of customer data breach after online shop hack · BleepingComputer · May 12, 2026
- Adobe Patches 52 Vulnerabilities in 10 Products · SecurityWeek · May 12, 2026
- Veeam Intelligent ResOps unifies data context and recovery · Help Net Security · May 12, 2026
- App Store Connect API 4.3.1 · Apple Security Releases · May 12, 2026
- How Rapid7 is bringing Cyber GRC closer to security operations · Rapid7 Blog · May 12, 2026
- Cache-poisoning caper turns TanStack npm packages toxic · The Register Security · May 12, 2026
- 20 Leaders Who Built the CISO Era: 2 Decades of Change · Dark Reading · May 12, 2026
- Shai Hulud attack ships signed malicious TanStack, Mistral npm packages · BleepingComputer · May 12, 2026
- Why Agentic AI Is Security's Next Blind Spot · The Hacker News · May 12, 2026
- Tech Can't Stop These Threats — Your People Can · Dark Reading · May 11, 2026
- Google researchers uncover criminal zero-day exploit likely built with AI · Help Net Security · May 11, 2026
- Alation AI Governance creates a system of record for AI oversight · Help Net Security · May 11, 2026
- Final Countdown: Last Chance to Join the Rapid7 Global Cybersecurity Summit · Rapid7 Blog · May 11, 2026
- ⚡ Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and More · The Hacker News · May 11, 2026
- Eyes wide open: How to mitigate the security and privacy risks of smart glasses · ESET WeLiveSecurity · May 11, 2026
- Ollama Out-of-Bounds Read Vulnerability Allows Remote Process Memory Leak · The Hacker News · May 10, 2026
- Dirty Frag (CVE-2026-43284, CVE-2026-43500): Frequently asked questions about this Linux kernel privilege escalation vulnerability chain · Tenable Blog · May 8, 2026
- Why More Analysts Won’t Solve Your SOC’s Alert Problem · BleepingComputer · May 8, 2026
- Google is turning Android Studio into a policy watchdog · Help Net Security · May 8, 2026
- iOS 26.5 RC 2 (23F77) · Apple Security Releases · May 8, 2026
- iPadOS 26.5 RC 2 (23F77) · Apple Security Releases · May 8, 2026
- Helping North Korean IT remote workers is becoming a fast track to prison · Help Net Security · May 8, 2026
- Wordfence Intelligence Weekly WordPress Vulnerability Report (April 27, 2026 to May 3, 2026) · Wordfence Blog · May 7, 2026
- AI-Driven Cyberattack on Mexico Couldn't Breach OT Systems · Dark Reading · May 7, 2026
- Red Hat Enterprise Linux adds post-quantum security and AI-driven automation in latest releases · Help Net Security · May 7, 2026
- Anthropic’s CEO warns the “moment of danger” is real. But most are looking in the wrong place. · Tenable Blog · May 6, 2026
- Insights into the clustering and reuse of phone numbers in scam emails · Cisco Talos Intelligence · May 6, 2026
- App Store Connect Update · Apple Security Releases · May 5, 2026
- The Back Door Attackers Know About — and Most Security Teams Still Haven’t Closed · The Hacker News · May 5, 2026
- UAT-8302 and its box full of malware · Cisco Talos Intelligence · May 5, 2026
- Shadow IT has given way to shadow AI. Enter AI-BOMs · The Register Security · May 4, 2026
- Xcode 26.5 RC (17F42) · Apple Security Releases · May 4, 2026
- visionOS 26.5 RC (23O471) · Apple Security Releases · May 4, 2026