Skip to content
CVSS 10.0CVSS 10.0 · CRITICAL

CVE-2026-47938

Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in privilege escalation. Exploitation of this issue does not require user interaction. Scope is changed.

View on NVD

Analysis

Adobe Campaign Classic versiones 7.4.3 y anteriores sufren de una vulnerabilidad SSRF crítica que permite la escalada de privilegios sin interacción del usuario. Este fallo permite a atacantes realizar peticiones internas desde el servidor afectado para comprometer recursos de red protegidos. Con una calificación de CVSS 10.0, es vital actualizar las instancias expuestas para proteger la infraestructura backend.

Relevant roles

BackendCyberSecurityCloud

Severity

Score: 10.0(CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: CHANGED
C: HIGH
I: HIGH
A: HIGH
Weakness (CWE): CWE-918

EPSS

Probability of exploitation (next 30 days): 0.0009 (0.1%)
Percentile: 26.2%
EPSS: 2026-06-10

Technical description

Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in privilege escalation. Exploitation of this issue does not require user interaction. Scope is changed.

Published: 6/9/2026, 9:17:23 PM
Last modified: 6/10/2026, 6:35:49 PM

References

HomeEventsBlogResourcesTeam