Description
Adobe Campaign Classic (ACC) versions 7.4.3 build 9396 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed.
Published: 2026-06-30
Score: 10 Critical
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Adobe Campaign Classic (ACC) is vulnerable to an incorrect authorization flaw (CWE-863) that allows an attacker to gain privileges and execute arbitrary code within the current user context. Because the flaw changes the scope of the affected system, a single exploit can impact the entire application instance. The description states that exploitation does not require user interaction, implying that once the attack vector is reached, the attacker can execute code freely.

Affected Systems

Adobe Campaign Classic releases up to and including version 7.4.3 build 9396 are affected. Systems running these versions are at risk until a newer, patched release or an applicable vendor update is applied.

Risk and Exploitability

With a CVSS score of 10, the vulnerability is considered critical. The EPSS score is not available, but the lack of user interaction requirements suggests a high likelihood of remote exploitation. The vulnerability is not currently listed in CISA’s KEV catalog. The attack vector is inferred to be remote over the network, assuming the application is exposed, and the exploit could grant full code execution capabilities on the affected instance, potentially compromising data confidentiality, integrity, and availability. The changed scope amplifies the overall impact of the vulnerability.

Generated by OpenCVE AI on June 30, 2026 at 18:05 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Adobe Campaign Classic to a version newer than 7.4.3 build 9396 to apply the vendor patch.
  • Revoke any currently granted excess privileges and enforce proper role‑based access controls so only authorized users can execute privileged operations.
  • Conduct a thorough audit of current user permissions and application logs to identify potential misuse or unauthorized privilege elevation.

Generated by OpenCVE AI on June 30, 2026 at 18:05 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 30 Jun 2026 16:00:00 +0000

Type Values Removed Values Added
Description Adobe Campaign Classic (ACC) versions 7.4.3 build 9396 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed.
Title Adobe Campaign Classic (ACC) | Incorrect Authorization (CWE-863)
Weaknesses CWE-863
References
Metrics cvssV3_1

{'score': 10, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H'}


Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2026-06-30T15:08:05.998Z

Reserved: 2026-05-21T15:28:38.134Z

Link: CVE-2026-48286

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-30T18:15:15Z

Weaknesses