CVE-2026-47991NVD

Vulnerability Summary

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by an Improper Redirect (Open Redirect) vulnerability that could lead to account takeover. An attacker could construct a malicious URL that redirects a victim to an attacker-controlled site. Exploitation of this issue requires user interaction in that a victim must click on a malicious link.

Severity Level

MEDIUM(4.3)

Published Date

Jun 9, 2026

Last Modified

Jun 10, 2026

Exploitation Status

????

EPSS Score (30-Day)

0.07%Probability

Root Weakness (CWE)

CWE-601: Unknown/Unlisted Weakness ↗

Refer to the official MITRE database for detailed architectural specifications regarding this weakness.

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredNone

User InteractionRequired

ScopeUnchanged

ConfidentialityLow

IntegrityNone

AvailabilityNone

External References

https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html

Critical Alert

CVE Watchtower

CVE-2026-47991NVD

Vulnerability Summary

External References