CVE-2026-47907
8.2 HIGHDreamweaver Desktop versions 21.7 and earlier are affected by an Improper Access Control vulnerability that could lead to arbitrary file ...
Published: 2026-06-09 · Last updated: 2026-06-09
Severity and scoring
- CVSS
- 8.2 HIGH
- Vector
- CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
- CWE
- CWE-284
Description
Dreamweaver Desktop versions 21.7 and earlier are affected by an Improper Access Control vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-41837 — Spring Data REST's Querydsl integration accepts arbitrary persistent property paths as request-parameter filter keys and does not conside... (5.3 MEDIUM)
- CVE-2026-41728 — Spring Data REST's JSON Patch (application/json-patch+json) implementation does not apply the write-access filter to intermediate path se... (7.5 HIGH)
- CVE-2026-39169 — SEMCMS 5.0 is vulnerable to unauthorized access in SEMCMS_copy.php (7.5 HIGH)
- CVE-2026-36720 — Insecure permissions in bookcars v8.3 allows authenticated attackers to escalate privileges from user to admin via modifying their user type (8.1 HIGH)
- CVE-2026-49161 — Improper access control in Microsoft PC Manager allows an authorized attacker to bypass a security feature locally (7.8 HIGH)