CVE-2026-47991 | THREATINT

Description

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by an Improper Redirect (Open Redirect) vulnerability that could lead to account takeover. An attacker could construct a malicious URL that redirects a victim to an attacker-controlled site. Exploitation of this issue requires user interaction in that a victim must click on a malicious link.

PUBLISHED Reserved 2026-05-20 | Published 2026-06-09 | Updated 2026-06-09 | Assigner adobe

MEDIUM: 4.3CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Problem types

URL Redirection to Untrusted Site ('Open Redirect') (CWE-601)

Product status

Default status

affected

Any version

affected

References

helpx.adobe.com/...roducts/experience-manager/apsb26-56.html vendor-advisory

cve.org (CVE-2026-47991)

nvd.nist.gov (CVE-2026-47991)

Download JSON