Zero Day MonitorZDM
DashboardVulnerabilitiesTrendingZero-DaysNewsAbout
Login
ImpressumPrivacy Policy
Zero Day Monitor © 2026
4222 articles · 176099 vulns · 37/41 feeds (7d)
← Back to list
8.6
CVE-2026-48252EXPLOITEDPATCHED
adobe · adobe experience manager as a cloud service

Adobe Experience Manager | Missing Authentication for Critical Function (CWE-306)

Description

Adobe Experience Manager is affected by a Missing Authentication for Critical Function vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue does not require user interaction. Scope is changed.

Affected Products

VendorProductVersions
adobeadobe experience manager as a cloud service0, 0, 0

Also Affects

Downstream vendors/products affected by this vulnerability

VendorProductSourceConfidence
adobeexperiencecert_advisory90%

References

  • https://helpx.adobe.com/security/products/experience-manager/apsb26-74.html(vendor-advisory)

Related News (2 articles)

Tier B
BSI Advisories4h ago
[NEU] [hoch] Adobe Experience Manager: Mehrere Schwachstellen
→ No new info (linked only)
Tier C
VulDB15h ago
CVE-2026-48252 | Adobe Experience Manager Critical Function missing authentication
→ No new info (linked only)
CVSS 3.18.6 HIGH
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
CISA KEV❌ No
Actively exploited✅ Yes
Patch available
2026.6.0SP2 - Hotfix for NPR-439726.5.25 - Hotfix for NPR-43972
CWECWE-306
PublishedJul 14, 2026
Last enriched15h agov2
Trending Score67
Source articles2
Independent2
Info Completeness9/14
Missing: epss, kev, exploit, iocs, mitre_attack

Community Vote

0
Login to vote
0 upvotes0 downvotes
No votes yet

Related CVEs (5)

CRITICALCVE-2026-48318EXP
ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
Trending: 69
CRITICALCVE-2026-48322EXP
ColdFusion | Improper Control of Generation of Code ('Code Injection') (CWE-94)
Trending: 65
CRITICALCVE-2026-48284EXP
ColdFusion | Improper Input Validation (CWE-20)
Trending: 65
CRITICALCVE-2026-48282EXPKEV
ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
Trending: 58
HIGHCVE-2026-48310EXP
Adobe Experience Manager | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
Trending: 57

Pin to Dashboard

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

CVE Published
Jul 14, 2026
Discovered by ZDM
Jul 14, 2026
Updated: description, severity, activelyExploited
Jul 14, 2026
Actively Exploited
Jul 15, 2026
Patch Available
Jul 15, 2026

Version History

v2
Last enriched 15h ago
v2Tier C15h ago

Updated severity to CRITICAL, changed exploit availability to false, and provided a more detailed description of the vulnerability.

descriptionseverityactivelyExploited
via VulDB
v118h ago

Initial creation