🚨 BREAKING

Adobe Connect Critical RCE: Incorrect Authorization Leads to Code Execution

/CRITICAL /CVSS 9.3/10
Written by SCW Vulnerability Desk Vulnerability Intelligence
SCW vulnerabilitycvecriticalhigh-severitycode-executioncwe-863
Adobe Connect Critical RCE: Incorrect Authorization Leads to Code Execution

The National Vulnerability Database has disclosed CVE-2026-34660, a critical Incorrect Authorization vulnerability impacting Adobe Connect versions 2025.9.15, 2025.8.157, and earlier. This flaw carries a CVSS score of 9.3, signifying its severe potential.

This vulnerability could enable arbitrary code execution in the context of the current user. An attacker could exploit this by injecting malicious scripts into a web page, potentially escalating privileges or gaining control over a victim’s session. Exploitation requires user interaction, meaning a victim must visit a specially crafted URL or engage with a compromised web page.

While specific affected products beyond Adobe Connect versions are not detailed by the National Vulnerability Database, the broad nature of “Incorrect Authorization” (CWE-863) suggests a fundamental logic flaw. This isn’t a complex memory corruption; it’s a breakdown in how the application vets user permissions, a classic and often overlooked vector for significant compromise.

What This Means For You

  • If your organization uses Adobe Connect, you need to identify all instances running versions 2025.9.15, 2025.8.157, or earlier. Prioritize patching these systems immediately. Since user interaction is required for exploitation, ensure your security awareness training emphasizes vigilance against suspicious links and unexpected web page interactions, especially those related to Adobe Connect sessions.

Related ATT&CK Techniques

T1190 Exploit Public-Facing Application Initial Access T1204.001 Malicious Link Initial Access T1059.007 JavaScript Execution

🛡️ Detection Rules

3 rules · 6 SIEM formats

3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.

critical T1190 Initial Access

CVE-2026-34660 - Adobe Connect Incorrect Authorization RCE via Malicious URL

Sigma YAML — free preview 
title: CVE-2026-34660 - Adobe Connect Incorrect Authorization RCE via Malicious URL
id: scw-2026-05-12-ai-1
status: experimental
level: critical
description: |
  Detects attempts to exploit CVE-2026-34660 in Adobe Connect by looking for specific URI patterns often associated with command injection or script execution within the context of a meeting URL. This rule targets the initial access vector where an attacker crafts a malicious URL to trigger arbitrary code execution.
author: SCW Feed Engine (AI-generated)
date: 2026-05-12
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-34660/
tags:
  - attack.initial_access
  - attack.t1190
logsource:
    category: webserver
detection:
  selection:
      cs-uri|contains:
          - '/connect/meeting'
      cs-uri-query|contains:
          - 'cmd=' 
          - 'exec=' 
          - 'script=' 
          - 'eval=' 
      condition: selection
falsepositives:
  - Legitimate administrative activity

Source: Shimi's Cyber World · License & reuse

✓ Sigma · Splunk SPL Sentinel KQL Elastic QRadar AQL Wazuh Get rules for your SIEM →

Indicators of Compromise

IDTypeIndicator
CVE-2026-34660 RCE Adobe Connect versions 2025.9.15 and earlier
CVE-2026-34660 RCE Adobe Connect versions 2025.8.157 and earlier
CVE-2026-34660 Incorrect Authorization Arbitrary Code Execution via malicious script injection

Written by SCW Vulnerability Desk

Source & Attribution
Source PlatformNVD
ChannelNational Vulnerability Database
PublishedMay 12, 2026 at 22:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.

Believe this infringes your rights? Submit a takedown request.

Related coverage

HashiCorp Nomad Code Execution (CVE-2026-7474) via Path Traversal

CVE-2026-7474 — HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to code execution on the client host through a path traversal attack. This...

vulnerabilityCVEhigh-severitycode-executioncwe-22
/SCW Vulnerability Desk /HIGH /8.8 /⚑ 4 IOCs /⚙ 3 Sigma

CVE-2026-44225: Pulpy Packager Allows Arbitrary File Access

CVE-2026-44225 — Pulpy is a lightweight, cross-platform desktop application packager for web apps. Prior to 0.1.1, Pulpy injects a pulpy.fs JavaScript API into every packaged...

vulnerabilityCVEcriticalhigh-severityarbitrary-file-accesscwe-22cwe-284
/SCW Vulnerability Desk /CRITICAL /9.3 /⚑ 3 IOCs /⚙ 3 Sigma

ArcadeDB Critical Vulnerability Bypasses Authorization Across Databases

CVE-2026-44221 — ArcadeDB is a Multi-Model DBMS. Prior to 2.6.4, authenticated users and API tokens scoped to a specific database could read, write, and mutate...

vulnerabilityCVEcriticalhigh-severitycwe-863
/SCW Vulnerability Desk /CRITICAL /9 /⚑ 5 IOCs /⚙ 3 Sigma