CVE-2026-48286 CRITICAL

CVE-2026-48286: Adobe Campaign Classic (ACC) | Incorrect Authorization (CWE-863)

Vendor Adobe
Product Adobe Campaign Classic (ACC)
Weakness CWE-863 · Incorrect authorization
Published June 30, 2026
Last update June 30, 2026

CVSS base score

10.0/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

Adobe Campaign Classic (ACC) versions 7.4.3 build 9396 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed.

Key dates

02Disclosure timeline

June 30, 2026 CVE published