SB20260114187 - Multiple vulnerabilities in Adobe Dreamweaver
Published: January 14, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 5 secuirty vulnerabilities.
1) OS Command Injection (CVE-ID: CVE-2026-21267)
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation. A remote attacker can trick the victim into opening a specially crafted file and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
2) Input validation error (CVE-ID: CVE-2026-21268)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can trick the victim into opening a specially crafted file and execute arbitrary code on the system.
3) Improper authorization (CVE-ID: CVE-2026-21274)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to incorrect authorization checks. A remote attacker can trick the victim into opening a specially crafted file and execute arbitrary code on the system.
4) Input validation error (CVE-ID: CVE-2026-21271)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can trick the victim into opening a specially crafted file and execute arbitrary code on the system.
5) Input validation error (CVE-ID: CVE-2026-21272)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can trick the victim into opening a specially crafted file and execute arbitrary code on the system.
Remediation
Install update from vendor's website.