Adobe Dreamweaver
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Adobe Dreamweaver.
Recent Adobe Dreamweaver Security Advisories
| Advisory | Title | Published |
|---|---|---|
| APSB26-01 | Security update available for Adobe Dreamweaver | APSB26-01 | January 13, 2026 |
| APSB25-91 | Security update available for Adobe Dreamweaver | APSB25-91 | September 9, 2025 |
| APSB25-35 | Security update available for Adobe Dreamweaver | APSB25-35 | May 13, 2025 |
| APSB24-39 | Security update available for Adobe Dreamweaver | APSB24-39 | May 14, 2024 |
| APSB21-13 | Security update available for Adobe Dreamweaver | APSB21-13 | February 9, 2021 |
| APSB20-55 | Security update available for Adobe Dreamweaver | APSB20-55 | October 20, 2020 |
By the Year
In 2026 there have been 5 vulnerabilities in Adobe Dreamweaver with an average score of 8.4 out of ten. Last year, in 2025 Dreamweaver had 1 security vulnerability published. That is, 4 more vulnerabilities have already been reported in 2026 as compared to last year. However, the average CVE base score of the vulnerabilities in 2026 is greater by 0.64.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 5 | 8.44 |
| 2025 | 1 | 7.80 |
| 2024 | 1 | 7.80 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 1 | 6.20 |
It may take a day or so for new Dreamweaver vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Adobe Dreamweaver Security Vulnerabilities
OS Command Injection in Dreamweaver Desktop <=21.6 Arbitrary Exec
CVE-2026-21267
8.6 - High
- January 13, 2026
Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an attacker. Exploitation of this issue requires user interaction in that a victim must open a malicious file and scope is changed.
Shell injection
Adobe Dreamweaver Desktop <21.6 Improper Input Validation Code Exec
CVE-2026-21271
8.6 - High
- January 13, 2026
Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file and scope is changed.
Improper Input Validation
Dreamweaver <21.6 Arbitrary Code Exec via Incorrect Authorization
CVE-2026-21274
7.8 - High
- January 13, 2026
Dreamweaver Desktop versions 21.6 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could leverage this vulnerability to bypass security measures and execute unauthorized code. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
AuthZ
Dreamweaver 21.6 Improper Input Validation Arbitrary FS Write
CVE-2026-21272
8.6 - High
- January 13, 2026
Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system write. An attacker could leverage this vulnerability to manipulate or inject malicious data into files on the system. Exploitation of this issue requires user interaction in that a victim must open a malicious file and scope is changed.
Improper Input Validation
CVE-2026-21268: Dreamweaver 21.6 Improper Input Validation Exec
CVE-2026-21268
8.6 - High
- January 13, 2026
Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file and scope is changed.
Improper Input Validation
Dreamweaver Desktop 21.4 Type Confusion - Arbitrary Code Execution
CVE-2025-30310
7.8 - High
- May 13, 2025
Dreamweaver Desktop versions 21.4 and earlier are affected by an Access of Resource Using Incompatible Type ('Type Confusion') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Object Type Confusion
Dreamweaver Desktop 21.3 OS-Cmd Injection via Desktop shell
CVE-2024-30314
7.8 - High
- May 16, 2024
Dreamweaver Desktop versions 21.3 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an attacker. Exploitation of this issue does require user interaction.
Shell injection
Adobe Dreamweaver Untrusted Search Path Information Disclosure Vulnerability
CVE-2021-21055
6.2 - Medium
- February 11, 2021
Adobe Dreamweaver versions 21.0 (and earlier) and 20.2 (and earlier) is affected by an untrusted search path vulnerability that could result in information disclosure. An attacker with physical access to the system could replace certain configuration files and dynamic libraries that Dreamweaver references, potentially resulting in information disclosure.
Untrusted Path
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Adobe Dreamweaver or by Adobe? Click the Watch button to subscribe.
