Cyber Resilience

CVE-2026-34659

CriticalRCE

Published: 12 May 2026

Published
12 May 2026
Modified
13 May 2026
KEV Added
Patch
CVSS Score v3.1 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
EPSS Score 0.0063 45.9th percentile
Risk Priority 70 floored blend · peak EPSS

Summary

CVE-2026-34659 is a critical-severity Deserialization of Untrusted Data (CWE-502) vulnerability in Adobe Connect Desktop Application. Its CVSS base score is 9.6 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Drive-by Compromise (T1189); ranked at the 45.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

Adobe Connect versions 2025.9.15, 2025.8.157 and earlier contain a deserialization of untrusted data flaw (CWE-502) that permits arbitrary code execution in the context of the current user. The vulnerability carries a CVSS 3.1 score of 9.6 with network attack vector, low complexity, no required privileges, required user interaction, and changed scope, resulting in complete loss of confidentiality, integrity, and availability.

An unauthenticated attacker can trigger the issue by supplying a maliciously crafted URL or compromised web page that the victim must visit or interact with, after which code executes under the victim's privileges and can affect resources beyond the original security scope.

The official Adobe advisory APSB26-50 at https://helpx.adobe.com/security/products/connect/apsb26-50.html addresses remediation steps for affected Connect installations. The associated EPSS score remains flat at 0.0374 with no material increase observed after disclosure.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

Adobe Connect versions 2025.9.15, 2025.8.157 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to execute arbitrary code.…

more

Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. Scope is changed.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1189 Drive-by Compromise Initial Access
Adversaries may gain access to a system through a user visiting a website over the normal course of browsing.
T1204.001 Malicious Link Execution
An adversary may rely upon a user clicking a malicious link in order to gain execution.
Why these techniques?

Deserialization RCE triggered by victim visiting malicious URL or compromised page directly maps to drive-by compromise and malicious link user execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-27203Same product: Adobe Connect Desktop Application
CVE-2026-34660Same product: Adobe Connect Desktop Application
CVE-2025-61810Same vendor: Adobe
CVE-2025-49533Same vendor: Adobe
CVE-2026-27303Same product: Adobe Connect Desktop Application
CVE-2026-34615Same product: Adobe Connect Desktop Application
CVE-2025-24415Same vendor: Adobe
CVE-2024-53965Same vendor: Adobe
CVE-2025-24406Same vendor: Adobe
CVE-2025-24451Same vendor: Adobe

Affected Assets

adobe
connect desktop application
2025.9.15 · ≤ 2025.8.157

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly enforces validation of untrusted serialized input before deserialization, blocking the malicious payload that triggers arbitrary code execution.

prevent

Requires timely application of the vendor patch (APSB26-50) that eliminates the deserialization flaw in affected Adobe Connect versions.

preventdetect

Provides malicious-code detection and blocking mechanisms that can intercept the post-deserialization payload execution triggered via the crafted URL.

References