CVE-2026-48303 CRITICAL

CVE-2026-48303: Adobe Campaign Classic (ACC) | Incorrect Authorization (CWE-863)

Vendor Adobe

Product Adobe Campaign Classic (ACC)

Weakness CWE-863 · Incorrect authorization

Published June 9, 2026

Last update June 10, 2026

View on NVD All CVEs

CVSS base score

10.0/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed.

Key dates

02Disclosure timeline

June 9, 2026 CVE published

June 10, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2026-48303 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/863.html

Related vulnerabilities

04Related CVE

CVE-2025-62487 Under certain configurations, file artifacts uploaded to the Dossier and Slides apps did not inherit security markings of their parent artifact. This lack of security markings could lead to unintended access to the uploaded files. CVE-2026-42429 OpenClaw < 2026.4.8 - Privilege Escalation via Gateway Plugin HTTP Authentication CVE-2024-10295 Gateway: apicast basic auth bypass via malformed base64 headerssending non-base64 'basic' auth with special characters causes apicast to incorrectly authenticate a request CVE-2025-27715 Auto-Enrollment of Team Admins into Private Channels without explicit consent CVE-2026-34532 Parse Server: Cloud function validator bypass via prototype chain traversal

Identifiers

CVE CVE-2026-48303

CWE CWE-863

CVSS 10.0 / CRITICAL

Affected versions

Vendor Adobe

Product Adobe Campaign Classic (ACC)

Affected ≤ 7.4.3 build 9394