Adobe Connect 12.10, 2025.3 Deser: Untrusted Data Arbitrary Code Exec
CVE-2026-27303 Published on April 14, 2026

Adobe Connect | Deserialization of Untrusted Data (CWE-502)
Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed.

Vendor Advisory NVD

Vulnerability Analysis

CVE-2026-27303 can be exploited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be critical as this vulnerability has a high impact to the confidentiality, integrity and availability of this component.

Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
REQUIRED
Scope:
CHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
HIGH

Weakness Type

What is a Marshaling, Unmarshaling Vulnerability?

The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

CVE-2026-27303 has been classified to as a Marshaling, Unmarshaling vulnerability or weakness.


Products Associated with CVE-2026-27303

Want to know whenever a new CVE is published for Adobe Connect? stack.watch will email you.

Adobe Connect
 

Affected Versions

Adobe Connect: