CVE-2026-47991 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2026-47991

Analyzed

More Info Official Page

Source-psirt@adobe.com

Published At-09 Jun, 2026 | 17:17

Updated At-10 Jun, 2026 | 14:56

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by an Improper Redirect (Open Redirect) vulnerability that could lead to account takeover. An attacker could construct a malicious URL that redirects a victim to an attacker-controlled site. Exploitation of this issue requires user interaction in that a victim must click on a malicious link.

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	4.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Primary	3.1	6.1	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Type: Secondary

Version: 3.1

Base score: 4.3

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Type: Primary

Version: 3.1

Base score: 6.1

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CPE Matches

>>experience_manager>>Versions before 6.5.25.0(exclusive)

cpe:2.3:a:adobe:experience_manager:*:*:*:*:-:*:*:*

>>experience_manager>>Versions before 2026.5.0(exclusive)

cpe:2.3:a:adobe:experience_manager:*:*:*:*:aem_cloud_service:*:*:*

>>experience_manager>>6.5

cpe:2.3:a:adobe:experience_manager:6.5:-:*:*:lts:*:*:*

>>experience_manager>>6.5

cpe:2.3:a:adobe:experience_manager:6.5:sp1:*:*:lts:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-601	Primary	psirt@adobe.com

CWE ID: CWE-601

Type: Primary

Source: psirt@adobe.com

References

Hyperlink	Source	Resource
https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html	psirt@adobe.com	Vendor Advisory

Hyperlink: https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html

Source: psirt@adobe.com

Resource:

Vendor Advisory