External risk intelligence

Adobe Connect allows attackers to take over accounts or sessions via malicious links

CVE advisorySeverity: CRITICAL (CVSS 9.3)

CVE-2026-27245

Adobe Connect has a critical security flaw allowing attackers to hijack user accounts or sessions by tricking people into clicking malicious links. This could expose sensitive information and requires immediate attention.

4Halo Surface Signal

Cross-site Scripting

Adobe Connect

before 12.112025.3 and earlierbefore 2025.9.15

External exposure likelihood

Halo Surface Signal score for CVE-2026-27245

Adobe Connect is a web-based collaboration platform primarily used for remote meetings. It is commonly deployed as an internet-facing web application to support remote access for participants. The vulnerability lies within its web interface, which is a key component intended for network-accessible interaction in typical usage.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

Horizon Alert

Summary of the vulnerability and why it matters

This vulnerability in Adobe Connect allows an attacker to inject malicious scripts into a web page. If a user visits a specially crafted URL, an attacker could potentially gain elevated access or control over their account or session.

  • Malicious scripts can be executed.
  • Requires user interaction with a link.
  • Affects account or session control.

Attack Path

How an attacker could exploit the issue

An attacker can exploit this reflected Cross-Site Scripting (XSS) vulnerability by tricking a user into clicking a crafted link. This could allow the attacker to inject malicious scripts into the Adobe Connect session, potentially leading to session hijacking or unauthorized actions within the platform. The attacker does not need prior authentication to abuse this flaw.

  • Requires user interaction.
  • Targets the web interface.
  • Involves a malicious URL.

Live Threat

Current exploitation, exposure, and threat context

This reflected XSS vulnerability in Adobe Connect requires user interaction, making it less attractive for widespread, automated exploitation. Attackers typically favor vulnerabilities that can be exploited remotely without user consent, such as unauthenticated remote code execution. However, in targeted scenarios, this could still be used to compromise specific user sessions.

  • Exploitation requires user interaction.
  • No KEV listing observed.
  • Recent vendor advisory published.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

Prioritize blocking malicious traffic targeting Adobe Connect and inventorying affected systems, as this reflected XSS vulnerability can lead to elevated access. If affected services cannot be immediately patched to version 12.11 or later, consider isolating them to prevent exploitation.

  • Block malicious traffic to Adobe Connect.
  • Isolate unpatched Connect instances.
  • Update Connect to version 12.11+.

Frequently asked questions

What versions of Adobe Connect are impacted by the reflected Cross-Site Scripting (XSS) vulnerability CVE-2026-27245?

Adobe Connect versions 2025.3, 12.10, and earlier are affected by this vulnerability. This includes both the web-based platform and the desktop application on Windows and macOS.

How can an attacker exploit the CVE-2026-27245 vulnerability in Adobe Connect?

An attacker can exploit this reflected Cross-Site Scripting (XSS) vulnerability by tricking a user into visiting a maliciously crafted URL. This allows the attacker to inject malicious scripts into a web page, potentially leading to elevated access or control over a victim's account or session.

What type of weakness does CVE-2026-27245 represent, and what is its impact?

CVE-2026-27245 is a reflected Cross-Site Scripting (XSS) vulnerability (CWE-79). Successful exploitation can allow an attacker to inject malicious scripts, potentially leading to session hijacking or unauthorized actions within the Adobe Connect platform, and requires user interaction.

What is the relevance of CVE-2026-27245, given it requires user interaction for exploitation?

While exploitation requires user interaction, making it less attractive for widespread automated attacks compared to remote code execution flaws, this vulnerability is still relevant for targeted attacks. An attacker could use it to compromise specific user sessions within Adobe Connect, especially since the vendor has issued an advisory.

What are the recommended steps to respond to the Adobe Connect vulnerability CVE-2026-27245?

To address this vulnerability, it is recommended to update Adobe Connect to version 12.11 or later. If immediate patching is not possible, consider isolating affected services to prevent exploitation and inventory systems to prioritize blocking malicious traffic targeting Adobe Connect.

References

Sources and related resources

Primary sources: NVD, CVE.org.

NVDPublished Modified