Adobe Experience Manager is affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution in the context of the current user. A low-privileged attacker could exploit this vulnerability to read sensitive files, potentially gaining elevated access or control over the victim's account or session. Exploitation of this issue does not require user interaction. Scope is changed.
History

Wed, 15 Jul 2026 11:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 14 Jul 2026 19:45:00 +0000

Type Values Removed Values Added
Description Adobe Experience Manager is affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution in the context of the current user. A low-privileged attacker could exploit this vulnerability to read sensitive files, potentially gaining elevated access or control over the victim's account or session. Exploitation of this issue does not require user interaction. Scope is changed.
Title Adobe Experience Manager | Improper Restriction of XML External Entity Reference ('XXE') (CWE-611)
Weaknesses CWE-611
References
Metrics cvssV3_1

{'score': 9.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published: 2026-07-14T19:21:00.902Z

Updated: 2026-07-15T19:38:48.564Z

Reserved: 2026-05-21T15:28:38.140Z

Link: CVE-2026-48359

cve-icon Vulnrichment

Updated: 2026-07-15T10:31:18.198Z

cve-icon NVD

No data.

cve-icon Redhat

No data.