6.1

CVE-2026-47991

Adobe Experience Manager | URL Redirection to Untrusted Site ('Open Redirect') (CWE-601)

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by an Improper Redirect (Open Redirect) vulnerability that could lead to account takeover. An attacker could construct a malicious URL that redirects a victim to an attacker-controlled site. Exploitation of this issue requires user interaction in that a victim must click on a malicious link.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AdobeExperience Manager SwEdition- Version < 6.5.25.0
AdobeExperience Manager SwEditionaem_cloud_service Version < 2026.5.0
AdobeExperience Manager Version6.5 Update- SwEditionlts
AdobeExperience Manager Version6.5 Updatesp1 SwEditionlts
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.25% 0.164
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.1 2.8 2.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
psirt@adobe.com 4.3 2.8 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html
Vendor Advisory