CVE-2026-34659 CRITICAL

CVE-2026-34659: Adobe Connect | Deserialization of Untrusted Data (CWE-502)

Vendor Adobe

Product Adobe Connect

Weakness CWE-502 · Unsafe deserialization

Published May 12, 2026

Last update May 13, 2026

View on NVD All CVEs

CVSS base score

9.6/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

Adobe Connect versions 2025.9.15, 2025.8.157 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to execute arbitrary code. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. Scope is changed.

Key dates

02Disclosure timeline

May 12, 2026 CVE published

May 13, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2026-34659 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/502.html

Related vulnerabilities

04Related CVE

CVE-2026-32511 WordPress Stål theme < 1.7 - Arbitrary Object Instantiation vulnerability CVE-2023-46604 Apache ActiveMQ, Apache ActiveMQ Legacy OpenWire Module: Unbounded deserialization causes ActiveMQ to be vulnerable to a remote code execution (RCE) attack CVE-2022-43567 Remote Code Execution via the Splunk Secure Gateway application Mobile Alerts feature CVE-2025-41700 CODESYS Development System - Deserialization of Untrusted Data CVE-2025-60237 WordPress Finag theme <= 1.5.0 - PHP Object Injection vulnerability