Description
Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file and scope is changed.
Published: 2026-01-13
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: Local Arbitrary Code Execution
Action: Patch Immediately
AI Analysis

Impact

An improper input validation flaw in Adobe Dreamweaver Desktop allows an attacker to craft a malicious file that, when opened by a user, causes the application to execute arbitrary code in the context of that user. The vulnerability is triggered by user interaction—specifically, the victim must open a specially crafted file—resulting in the local compromise of the affected system.

Affected Systems

Adobe Dreamweaver Desktop versions 21.6 and earlier are vulnerable. The flaw exists on any hardware platform running the supported operating systems, including macOS and Windows, as the software bundle is cross‑platform.

Risk and Exploitability

The flaw carries a CVSS score of 8.6, indicating high severity. EPSS is reported as below 1%, suggesting a currently low exploitation probability; it is not listed in CISA’s KEV catalog. Because an attacker must deliver a malicious file that the target user then opens, the attack vector is local and requires user interaction. Successful exploitation would enable the attacker to execute arbitrary code with the privileges of the victim user, potentially leading to system compromise.

Generated by OpenCVE AI on April 18, 2026 at 06:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Dreamweaver Desktop to a version newer than 21.6, as specified in Adobe’s security advisory.
  • Check Adobe’s security website or the application’s update feature for the latest patch release.
  • Avoid opening or importing unknown files into Dreamweaver until a compliant version is installed.

Advisories

No advisories yet.

History

Wed, 14 Jan 2026 21:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Apple; Apple macos; Microsoft; Microsoft windows |
| CPEs | | cpe:2.3:a:adobe:dreamweaver:*:*:*:*:*:*:*:*; cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*; cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* |
| Vendors & Products | | Apple; Apple macos; Microsoft; Microsoft windows |

Wed, 14 Jan 2026 11:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Adobe; Adobe dreamweaver |
| Vendors & Products | | Adobe; Adobe dreamweaver |

Tue, 13 Jan 2026 19:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'} |


Tue, 13 Jan 2026 18:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file and scope is changed. |
| Title | | Dreamweaver Desktop \| Improper Input Validation (CWE-20) |
| Weaknesses | | CWE-20 |
| References | | |
| Metrics | | cvssV3_1: {'score': 8.6, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H'} |


MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-02-26T15:04:16.780Z

Reserved: 2025-12-12T22:01:18.187Z

Link: CVE-2026-21271

Vulnrichment

Updated: 2026-01-13T18:43:50.907Z

NVD

Status: Analyzed

Published: 2026-01-13T19:16:24.543

Modified: 2026-01-14T20:50:28.960

Link: CVE-2026-21271

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T06:45:23Z
