{ "document": { "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE" } }, "lang": "nl", "notes": [ { "category": "legal_disclaimer", "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings." }, { "category": "description", "text": "Adobe heeft meerdere kwetsbaarheden verholpen in Adobe Dreamweaver Desktop versies 21.7 en eerder.", "title": "Feiten" }, { "category": "description", "text": "De kwetsbaarheden kunnen worden misbruikt door een gebruiker een speciaal vervaardigd kwaadaardig bestand te laten openen binnen de applicatie. De kwetsbaarheden omvatten onder andere het uitvoeren van arbitrary code door het openen van kwaadaardige bestanden, het lezen van willekeurige bestanden op het systeem door onvoldoende toegangscontrole en onjuiste autorisatie, het schrijven van bestanden door onjuiste inputvalidatie, en het gebruik van onjuist geïnitialiseerde pointers wat kan leiden tot geheugenbeschadiging. Exploitatie vereist interactie van de gebruiker met een kwaadaardig bestand en kan leiden tot het uitlekken van gevoelige data, het uitvoeren van code onder de context van de gebruiker, en het manipuleren van bestanden op het systeem.", "title": "Interpretaties" }, { "category": "description", "text": "Adobe heeft updates uitgebracht om de kwetsbaarheden in Adobe Dreamweaver Desktop te verhelpen. Zie bijgevoegde referenties voor meer informatie.", "title": "Oplossingen" }, { "category": "general", "text": "medium", "title": "Kans" }, { "category": "general", "text": "high", "title": "Schade" }, { "category": "general", "text": "Improper Input Validation", "title": "CWE-20" }, { "category": "general", "text": "Improper Access Control", "title": "CWE-284" }, { "category": "general", "text": "Access of Uninitialized Pointer", "title": "CWE-824" }, { "category": "general", "text": "Incorrect Authorization", "title": "CWE-863" }, { "category": "general", "text": "Dependency on Vulnerable Third-Party Component", "title": "CWE-1395" } ], "publisher": { "category": "coordinator", "contact_details": "cert@ncsc.nl", "name": "Nationaal Cyber Security Centrum", "namespace": "https://www.ncsc.nl/" }, "references": [ { "category": "external", "summary": "Reference", "url": "https://helpx.adobe.com//security/products/dreamweaver/apsb26-62.html" } ], "title": "Kwetsbaarheden verholpen in Adobe Dreamweaver Desktop", "tracking": { "current_release_date": "2026-06-11T08:21:12.406643Z", "generator": { "date": "2025-08-04T16:30:00Z", "engine": { "name": "V.A.", "version": "1.3" } }, "id": "NCSC-2026-0193", "initial_release_date": "2026-06-11T08:21:12.406643Z", "revision_history": [ { "date": "2026-06-11T08:21:12.406643Z", "number": "1.0.0", "summary": "Initiele versie" } ], "status": "final", "version": "1.0.0" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-1" } } ], "category": "product_name", "name": "Dreamweaver" }, { "branches": [ { "category": "product_version_range", "name": "vers:unknown/*", "product": { "name": "vers:unknown/*", "product_id": "CSAFPID-2" } } ], "category": "product_name", "name": "Dreamweaver Desktop" } ], "category": "vendor", "name": "Adobe" } ] }, "vulnerabilities": [ { "cve": "CVE-2026-47906", "cwe": { "id": "CWE-1395", "name": "Dependency on Vulnerable Third-Party Component" }, "notes": [ { "category": "other", "text": "Dependency on Vulnerable Third-Party Component", "title": "CWE-1395" }, { "category": "description", "text": "Dreamweaver Desktop versions 21.7 and earlier contain a vulnerability in a third-party component that may enable arbitrary code execution when a user opens a malicious file.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2" ] }, "references": [ { "category": "self", "summary": "CVE-2026-47906 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-47906.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "baseScore": 8.6, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2" ] } ], "title": "CVE-2026-47906" }, { "cve": "CVE-2026-47907", "notes": [ { "category": "description", "text": "Dreamweaver Desktop versions 21.7 and earlier contain an Improper Access Control vulnerability that permits attackers to read arbitrary files when a user opens a malicious file, risking exposure of sensitive data beyond intended access controls.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2" ] }, "references": [ { "category": "self", "summary": "CVE-2026-47907 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-47907.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "baseScore": 8.6, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2" ] } ], "title": "CVE-2026-47907" }, { "cve": "CVE-2026-47908", "cwe": { "id": "CWE-863", "name": "Incorrect Authorization" }, "notes": [ { "category": "other", "text": "Incorrect Authorization", "title": "CWE-863" }, { "category": "other", "text": "Access of Uninitialized Pointer", "title": "CWE-824" }, { "category": "description", "text": "Dreamweaver Desktop versions 21.7 and earlier contain an Access of Uninitialized Pointer vulnerability that may enable arbitrary code execution when a user opens a malicious file.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2" ] }, "references": [ { "category": "self", "summary": "CVE-2026-47908 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-47908.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2" ] } ], "title": "CVE-2026-47908" }, { "cve": "CVE-2026-47909", "notes": [ { "category": "description", "text": "Dreamweaver Desktop versions 21.7 and earlier contain an Improper Input Validation vulnerability that enables attackers to read arbitrary system files when a user opens a malicious file, risking exposure of sensitive data beyond intended access controls.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2" ] }, "references": [ { "category": "self", "summary": "CVE-2026-47909 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-47909.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", "baseScore": 6.3, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2" ] } ], "title": "CVE-2026-47909" }, { "cve": "CVE-2026-21272", "cwe": { "id": "CWE-863", "name": "Incorrect Authorization" }, "notes": [ { "category": "other", "text": "Incorrect Authorization", "title": "CWE-863" }, { "category": "description", "text": "Adobe Dreamweaver Desktop versions 21.6 and earlier contain an Improper Input Validation vulnerability that enables attackers to write arbitrary files to the system when a user opens a malicious file.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2" ] }, "references": [ { "category": "self", "summary": "CVE-2026-21272 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21272.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "baseScore": 8.6, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1", "CSAFPID-2" ] } ], "title": "CVE-2026-21272" }, { "cve": "CVE-2026-47910", "cwe": { "id": "CWE-863", "name": "Incorrect Authorization" }, "notes": [ { "category": "other", "text": "Incorrect Authorization", "title": "CWE-863" }, { "category": "description", "text": "Dreamweaver Desktop versions 21.7 and earlier contain an Incorrect Authorization vulnerability enabling attackers, via user interaction with malicious files, to access arbitrary files beyond intended permissions.", "title": "Summary" } ], "product_status": { "known_affected": [ "CSAFPID-1", "CSAFPID-2" ] }, "references": [ { "category": "self", "summary": "CVE-2026-47910 | NCSC-NL Website", "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-47910.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", "baseScore": 6.3, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1", "CSAFPID-2" ] } ], "title": "CVE-2026-47910" } ] }