Description
Adobe Experience Manager is affected by a Missing Authentication for Critical Function vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue does not require user interaction. Scope is changed.
Problem types
Missing Authentication for Critical Function (CWE-306)
Product status
Any version
2026.6.0 (custom)
Any version
SP2 - Hotfix for NPR-43972 (custom)
Any version
6.5.25 - Hotfix for NPR-43972 (custom)
References
helpx.adobe.com/...roducts/experience-manager/apsb26-74.html