CVE Catalog

CVE-2026-47991

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.07%

21th percentile - higher than 21% of all known CVEs

Summary

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by an Improper Redirect (Open Redirect) vulnerability that could lead to account takeover. An attacker could construct a malicious URL that redirects a victim to an attacker-controlled site.

Risk Assessment

Exploitation of this issue could lead to account takeover, posing a serious threat to the organization's security and data.

Recommendation

It is recommended to update to the latest version of Adobe Experience Manager to mitigate this vulnerability. Users should also be educated about the risks of clicking on unknown links.

Original NVD description (English source)

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by an Improper Redirect (Open Redirect) vulnerability that could lead to account takeover. An attacker could construct a malicious URL that redirects a victim to an attacker-controlled site. Exploitation of this issue requires user interaction in that a victim must click on a malicious link.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS