CVE-2026-47991 | Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 a… | CVSS 4.3 MEDIUM

Description

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by an Improper Redirect (Open Redirect) vulnerability that could lead to account takeover. An attacker could construct a malicious URL that redirects a victim to an attacker-controlled site. Exploitation of this issue requires user interaction in that a victim must click on a malicious link.

Metadata

CVE ID: CVE-2026-47991
State: PUBLISHED
Assigner: adobe
Reserved: 2026-05-20 15:50 UTC
Published: 2026-06-09 16:48 UTC
Last updated: 2026-06-09 17:36 UTC
Primary CWE: CWE-601
URL Redirection to Untrusted Site ('Open Redirect') (CWE-601…
Vendor / Product: Adobe / Adobe Experience Manager
Sources: cve.org · NVD

Severity & Metrics

4.3 MEDIUM CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

SSVC — CISA Coordinator

Exploitation: none
Automatable: no
Tech. Impact: partial

Affected products (1)

Vendor	Product	Platform	Versions
Adobe	Adobe Experience Manager	—	0 ≤ 2026.04

Weakness (CWE)

CWE	Source	Description
CWE-601	cna	URL Redirection to Untrusted Site ('Open Redirect') (CWE-601)

CVSS scores (1)

Score	Severity	Version	Source	Vector
4.3	MEDIUM	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

References (1)

https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html