Description
Dreamweaver Desktop versions 21.7 and earlier are affected by a Dependency on Vulnerable Third-Party Component vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed.
Published: 2026-06-09
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Dreamweaver Desktop versions 21.7 and earlier contain a dependency on a vulnerable third‑party component that permits arbitrary code execution in the context of the current user. The flaw changes the scope of the affected components, meaning code can execute with the privileges of the AE application, potentially affecting system resources. An attacker can exploit the issue only when a victim opens a crafted file, as user interaction is required for delivery.

Affected Systems

Adobe Dreamweaver Desktop components bundled in versions 21.7 and earlier are impacted. All newer releases that incorporate a non‑vulnerable component are not affected.

Risk and Exploitability

The CVSS score of 8.6 indicates high severity, and the EPSS score of < 1% indicates a very low but non-zero exploitation probability. The vulnerability is not listed in CISA KEV, so no known active exploitation is reported. The attack vector is local user interaction – a malicious file must be opened within Dreamweaver to trigger the flaw, making the risk significant for users who routinely handle unknown documents.

Generated by OpenCVE AI on June 11, 2026 at 22:44 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply Adobe's latest security update for Dreamweaver Desktop as released in the vendor advisory
  • Disallow or restrict the opening of untrusted or downloaded files within the application until the update is installed
  • Upgrade the installation to a version that omits the vulnerable third‑party component, such as Dreamweaver Desktop 22.0 or later

Generated by OpenCVE AI on June 11, 2026 at 22:44 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 11 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Microsoft
Microsoft windows
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:adobe:dreamweaver:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products Apple
Apple macos
Microsoft
Microsoft windows

Wed, 10 Jun 2026 11:30:00 +0000

Type Values Removed Values Added
First Time appeared Adobe
Adobe dreamweaver
Vendors & Products Adobe
Adobe dreamweaver

Wed, 10 Jun 2026 10:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 09 Jun 2026 19:45:00 +0000

Type Values Removed Values Added
Description Dreamweaver Desktop versions 21.7 and earlier are affected by a Dependency on Vulnerable Third-Party Component vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed.
Title Dreamweaver Desktop | Dependency on Vulnerable Third-Party Component (CWE-1395)
Weaknesses CWE-1395
References
Metrics cvssV3_1

{'score': 8.6, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H'}

Subscriptions

Adobe Dreamweaver
Apple Macos
Microsoft Windows
cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-06-10T10:07:29.618Z

Reserved: 2026-05-20T15:50:31.359Z

Link: CVE-2026-47906

cve-icon Vulnrichment

Updated: 2026-06-10T10:07:25.026Z

cve-icon NVD

Status : Analyzed

Published: 2026-06-09T20:16:59.687

Modified: 2026-06-11T19:22:22.653

Link: CVE-2026-47906

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-11T22:45:05Z

Weaknesses