Description
Dreamweaver Desktop versions 21.7 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed.
Published: 2026-06-09
Score: 6.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Dreamweaver Desktop versions 21.7 and earlier contain an Improper Input Validation flaw that permits reading files outside the intended scope. An attacker who can supply a maliciously crafted file to the application can trigger the flaw, leading to disclosure of sensitive files and directories on the system. Because the vulnerability changes the scope, the read privilege may extend beyond the standard sandboxed environment of the application, potentially exposing system‑wide data.

Affected Systems

Adobe Dreamweaver Desktop, all installations running version 21.7 or earlier. The vulnerability applies to any product build that has not received the Adobe patch for this issue.

Risk and Exploitability

The CVSS score of 6.3 indicates a moderate severity, and while the EPSS score is not available, the vulnerability is not listed in the CISA KEV catalog, suggesting limited public exploitation to date. The attack requires user interaction; a victim must open a malicious file within Dreamweaver. The scope change increases the potential impact beyond the application itself, raising the risk if such a file is processed.

Generated by OpenCVE AI on June 9, 2026 at 21:00 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest Adobe Dreamweaver Desktop update that includes the CVE‑fix.
  • Configure file system permissions so that directories containing sensitive data are not readable by the user account under which Dreamweaver runs.
  • Conduct user training to warn about opening untrusted or unknown Dreamweaver project files and to enforce strict file management policies.

Generated by OpenCVE AI on June 9, 2026 at 21:00 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 21:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 09 Jun 2026 19:45:00 +0000

Type Values Removed Values Added
Description Dreamweaver Desktop versions 21.7 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed.
Title Dreamweaver Desktop | Improper Input Validation (CWE-20)
Weaknesses CWE-20
References
Metrics cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-06-09T20:54:40.988Z

Reserved: 2026-05-20T15:50:31.359Z

Link: CVE-2026-47909

cve-icon Vulnrichment

Updated: 2026-06-09T20:54:36.353Z

cve-icon NVD

Status : Received

Published: 2026-06-09T20:17:00.050

Modified: 2026-06-09T20:17:00.050

Link: CVE-2026-47909

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-09T21:15:05Z

Weaknesses