CVE-2026-47991
4.3 MEDIUMAdobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by an Improper Redirect (Open Redirect) vulnerability...
Published: 2026-06-09 · Last updated: 2026-06-09
Severity and scoring
- CVSS
- 4.3 MEDIUM
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
- CWE
- CWE-601
Description
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by an Improper Redirect (Open Redirect) vulnerability that could lead to account takeover. An attacker could construct a malicious URL that redirects a victim to an attacker-controlled site. Exploitation of this issue requires user interaction in that a victim must click on a malicious link.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-41706 — Spring Security's CookieRequestCache and CookieServerRequestCache store the pre-authentication request URL in a browser cookie so that us... (6.1 MEDIUM)
- CVE-2026-41008 — Spring Security Authorization Server's authorization endpoint performs insufficient validation of the request_uri parameter (6.1 MEDIUM)
- CVE-2026-28301 — A vulnerability in which an attacker can provide a crafted external URL that may redirect a user to an unintended website (4.8 MEDIUM)
- CVE-2026-47347 — Applications that use GeneralUtility::sanitizeLocalUrl to allow only local URLs are vulnerable to open redirect attacks if the URL is use...
- CVE-2026-41844 — A Spring MVC or Spring WebFlux application which configures a mapping for "/**" where the view name is not explicitly specified allows an... (4.2 MEDIUM)