CVE-2026-47991
MediumCVSS 4.3Exploitation Probability (EPSS)
Low risk21th percentile - higher than 21% of all known CVEs
Summary
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by an Improper Redirect (Open Redirect) vulnerability that could lead to account takeover. An attacker could construct a malicious URL that redirects a victim to an attacker-controlled site.
Risk Assessment
Exploitation of this issue could lead to account takeover, posing a serious threat to the organization's security and data.
Recommendation
It is recommended to update to the latest version of Adobe Experience Manager to mitigate this vulnerability. Users should also be educated about the risks of clicking on unknown links.
Original NVD description (English source)
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by an Improper Redirect (Open Redirect) vulnerability that could lead to account takeover. An attacker could construct a malicious URL that redirects a victim to an attacker-controlled site. Exploitation of this issue requires user interaction in that a victim must click on a malicious link.

