Description
Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system write. An attacker could leverage this vulnerability to manipulate or inject malicious data into files on the system. Exploitation of this issue requires user interaction in that a victim must open a malicious file and scope is changed.
Published: 2026-01-13
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: Arbitrary File System Write
Action: Apply Patch
AI Analysis

Impact

Improper Input Validation in Dreamweaver Desktop versions 21.6 and earlier allows an attacker to manipulate or inject malicious data into files on the system, leading to arbitrary file system write privileges when a victim opens a crafted file.

Affected Systems

Adobe Dreamweaver Desktop for Windows and macOS, versions 21.6 and earlier are affected; the vulnerability applies on both Windows and macOS operating systems as indicated by the associated CPE entries.

Risk and Exploitability

The vulnerability has a CVSS score of 8.6, indicating high severity, but an EPSS of less than 1% suggests a very low likelihood of exploitation. It is not listed in the CISA Known Exploited Vulnerabilities catalog, and it requires user interaction to open a malicious file, limiting the attack surface to local threat actors.

Generated by OpenCVE AI on April 18, 2026 at 06:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest Dreamweaver Desktop version (21.7 or newer) to apply the patch that fixes the input validation flaw.
  • Educate users to avoid opening files from untrusted sources and to verify the integrity of files before opening them in Dreamweaver.
  • Where a patch cannot be applied immediately, restrict Dreamweaver's ability to open files by implementing application whitelisting or disabling automatic file opening, thereby mitigating the risk of accidental exploitation.

Generated by OpenCVE AI on April 18, 2026 at 06:37 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 14 Jan 2026 21:00:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Microsoft
Microsoft windows
CPEs cpe:2.3:a:adobe:dreamweaver:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products Apple
Apple macos
Microsoft
Microsoft windows

Wed, 14 Jan 2026 11:15:00 +0000

Type Values Removed Values Added
First Time appeared Adobe
Adobe dreamweaver
Vendors & Products Adobe
Adobe dreamweaver

Tue, 13 Jan 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 13 Jan 2026 18:45:00 +0000

Type Values Removed Values Added
Description Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system write. An attacker could leverage this vulnerability to manipulate or inject malicious data into files on the system. Exploitation of this issue requires user interaction in that a victim must open a malicious file and scope is changed.
Title Dreamweaver Desktop | Improper Input Validation (CWE-20)
Weaknesses CWE-20
References
Metrics cvssV3_1

{'score': 8.6, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H'}

Subscriptions

Adobe Dreamweaver
Apple Macos
Microsoft Windows
cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-02-26T15:04:17.424Z

Reserved: 2025-12-12T22:01:18.187Z

Link: CVE-2026-21272

cve-icon Vulnrichment

Updated: 2026-01-13T18:47:09.705Z

cve-icon NVD

Status : Analyzed

Published: 2026-01-13T19:16:24.703

Modified: 2026-01-14T20:49:33.830

Link: CVE-2026-21272

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T06:45:23Z

Weaknesses