Description
Dreamweaver Desktop versions 21.7 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Published: 2026-06-09
Score: 7.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An access of an uninitialized pointer in Dreamweaver Desktop leads to arbitrary code execution in the context of the current user. The flaw allows a malicious file to trigger code that runs with the victim’s privileges.

Affected Systems

Adobe Dreamweaver Desktop version 21.7 and any earlier releases are vulnerable.

Risk and Exploitability

The CVSS score of 7.8 indicates high severity, but the EPSS score is not available. The vulnerability is not listed in CISA KEV. Exploitation requires the user to open a specially crafted file, so it is a local file‑based vulnerability that depends on user interaction. Once triggered, an attacker can execute code that runs with the victim’s privileges, potentially leading to system compromise.

Generated by OpenCVE AI on June 9, 2026 at 21:01 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Dreamweaver Desktop to a version newer than 21.7 that contains the patch.
  • When an immediate update is not possible, treat all unknown or suspicious files as potentially malicious and avoid opening them unless verified.
  • Monitor the system for unexpected process creation or privilege escalation and enforce least‑privilege policies for users with access to the application.

Generated by OpenCVE AI on June 9, 2026 at 21:01 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 20:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 09 Jun 2026 19:45:00 +0000

Type Values Removed Values Added
Description Dreamweaver Desktop versions 21.7 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Title Dreamweaver Desktop | Access of Uninitialized Pointer (CWE-824)
Weaknesses CWE-824
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-06-09T19:59:54.179Z

Reserved: 2026-05-20T15:50:31.359Z

Link: CVE-2026-47908

cve-icon Vulnrichment

Updated: 2026-06-09T19:59:50.430Z

cve-icon NVD

Status : Received

Published: 2026-06-09T20:16:59.920

Modified: 2026-06-09T20:16:59.920

Link: CVE-2026-47908

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-09T21:15:05Z

Weaknesses