Description
Dreamweaver Desktop versions 21.7 and earlier are affected by an Incorrect Authorization vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed.
Published: 2026-06-09
Score: 6.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Dreamweaver Desktop versions 21.7 and earlier contain an Incorrect Authorization flaw that can allow an attacker to read arbitrary files from the system. Opening a malicious file triggers the bug, exposing sensitive files and directories outside the intended access scope. The issue stems from an inadequate authorization check for file access, classified as CWE-863, and results in a confidentiality breach without granting code execution or privilege escalation.

Affected Systems

Adobe Dreamweaver Desktop versions 21.7 and earlier are affected. The vulnerability applies to any installation of these releases, but the specific operating systems are not listed in the data.

Risk and Exploitability

The CVSS score of 6.3 rates the vulnerability as Medium. No EPSS metric is available, so the exploitation probability cannot be quantified, and the issue is not listed in the CISA KEV catalog. Exploitation requires user interaction (a victim must open a malicious file), and the scope is changed, meaning the flaw can affect resources beyond the security scope of the vulnerable component. Attackers can craft files that, when processed by Dreamweaver, bypass the authorization check and return file contents to the attacker. Given the need for user action and the moderate impact, the risk is moderate but warrants remediation.

Generated by OpenCVE AI on June 9, 2026 at 22:03 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Adobe security patch or upgrade to a version newer than 21.7 that removes the incorrect authorization flaw.
  • Restrict Dreamweaver from opening unknown or untrusted file types, or disable the feature that processes attacker‑crafted files.
  • Enforce strict file system permissions so that Dreamweaver has read access only to directories and files that are required for normal operation.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 21:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Tue, 09 Jun 2026 19:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Dreamweaver Desktop versions 21.7 and earlier are affected by an Incorrect Authorization vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed. |
| Title | | Dreamweaver Desktop \| Incorrect Authorization (CWE-863) |
| Weaknesses | | CWE-863 |
| References | | |
| Metrics | | cvssV3_1 {'score': 6.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N'} |


MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-06-09T19:41:51.333Z

Reserved: 2026-05-20T15:50:31.359Z

Link: CVE-2026-47910

Vulnrichment

Updated: 2026-06-09T19:41:47.772Z

NVD

Status: Received

Published: 2026-06-09T20:17:00.177

Modified: 2026-06-09T20:17:00.177

Link: CVE-2026-47910

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-09T22:15:15Z

Weaknesses