Description
Dreamweaver Desktop versions 21.7 and earlier are affected by a Dependency on Vulnerable Third-Party Component vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed.
Published: 2026-06-09
Score: 8.6 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Dreamweaver Desktop versions 21.7 and earlier contain a dependency on a vulnerable third‑party component that permits arbitrary code execution in the context of the current user. The flaw changes the scope of the affected components, meaning code can execute with the privileges of the AE application, potentially affecting system resources. An attacker can exploit the issue only when a victim opens a crafted file, as user interaction is required for delivery.

Affected Systems

Adobe Dreamweaver Desktop components bundled in versions 21.7 and earlier are impacted. All newer releases that incorporate a non‑vulnerable component are not affected.

Risk and Exploitability

The CVSS score of 8.6 indicates high severity, but EPSS information is not available. The vulnerability is not listed in CISA KEV, so no known active exploitation is reported. The attack vector is local user interaction – a malicious file must be opened within Dreamweaver to trigger the flaw, making the risk significant for users who routinely handle unknown documents.

Generated by OpenCVE AI on June 9, 2026 at 21:01 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply Adobe's latest security update for Dreamweaver Desktop as released in the vendor advisory
  • Disallow or restrict the opening of untrusted or downloaded files within the application until the update is installed
  • Upgrade the installation to a version that omits the vulnerable third‑party component, such as Dreamweaver Desktop 22.0 or later

Generated by OpenCVE AI on June 9, 2026 at 21:01 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 19:45:00 +0000

Type Values Removed Values Added
Description Dreamweaver Desktop versions 21.7 and earlier are affected by a Dependency on Vulnerable Third-Party Component vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed.
Title Dreamweaver Desktop | Dependency on Vulnerable Third-Party Component (CWE-1395)
Weaknesses CWE-1395
References
Metrics cvssV3_1

{'score': 8.6, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-06-09T19:24:06.715Z

Reserved: 2026-05-20T15:50:31.359Z

Link: CVE-2026-47906

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-09T20:16:59.687

Modified: 2026-06-09T20:16:59.687

Link: CVE-2026-47906

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-09T21:15:05Z

Weaknesses