ESB-2026.3685
PUBLISHED
CVSS 9.2 CRITICAL
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2026.3685
APSB26-34 : Security update available for Adobe Experience Manager Screens
15 April 2026
===========================================================================
AUSCERT Security Bulletin Summary
---------------------------------
Product: Adobe Experience Manager
Publisher: Adobe
Operating System: Windows
macOS
Resolution: Patch/Upgrade
CVE Names: CVE-2026-34624 CVE-2026-34625 CVE-2025-64537
CVE-2025-64539 CVE-2025-64540 CVE-2025-64538
CVE-2023-25690 CVE-2026-27288 CVE-2026-34623
Original Bulletin:
https://helpx.adobe.com/security/products/aem-screens/apsb26-34.html
Comment: CVSS (Max): 9.8* CVE-2023-25690 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS Source: Adobe
Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* Not all CVSS available when published
EPSS (Max): 68.2% (98th)* CVE-2023-25690 2026-04-14
* Not all EPSS found when published
--------------------------BEGIN INCLUDED TEXT--------------------
Security updates available for Adobe Experience Manager (AEM) Screens |
APSB26-34
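+-------------+----------------+----------+
| Bulletin ID | Date Published | Priority |
+-------------+----------------+----------+
| APSB26-34   | April 14, 2026 | 3        |
+-------------+----------------+----------+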
Summary
Adobe has released updates for Adobe Experience Manager (AEM) Screens. This
update resolves vulnerabilities rated important. Successful exploitation of
this vulnerability could result in arbitrary code execution and privilege
escalation.
Adobe is not aware of any exploits in the wild for any of the issues addressed
in these updates.
Affected product versions
+--------------------------------+--------------------------------+----------+
| Product                        | Version                        | Platform |
+--------------------------------+--------------------------------+----------+
| Adobe Experience Manager (AEM) | 6.5 Service Pack 24 or earlier | All      |
| Screens                        +--------------------------------+----------+
|                                | Feature Pack 11.7 or earlier   |          |
+--------------------------------+--------------------------------+----------+
Solution
Adobe categorizes these updates with the following priority ratings and
recommends users update their installation to the newest version:
+--------------------+-------------------+----------+----------+----------------------+
| Product            | Version           | Platform | Priority | Availability         |
+--------------------+-------------------+----------+----------+----------------------+
| Adobe Experience   | Feature Pack 11.8 | All      | 3        | AEM 6.5 Feature Pack |
| Manager (AEM)      |                   |          |          | 11.8 Release Notes   |
| Screens            |                   |          |          |                      |
+--------------------+-------------------+----------+----------+----------------------+
Vulnerability Details
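+--------------------------+--------------------------+-----------+-----------+----------------------------------------------+----------------+
| Vulnerability Category   | Vulnerability Impact     | Severity  | CVSS base | CVSS vector                                  | CVE Number     |
|                          |                          |           | score     |                                              |                |
+--------------------------+--------------------------+-----------+-----------+----------------------------------------------+----------------+
| Cross-site Scripting     | Arbitrary code execution | Important | 5.4       | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2026-27288 |
| (Stored XSS) (CWE-79)    |                          |           |           |                                              |                |
+--------------------------+--------------------------+-----------+-----------+----------------------------------------------+----------------+
| Cross-site Scripting     | Privilege escalation     | Important | 5.4       | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2026-34623 |
| (DOM-based XSS) (CWE-79) |                          |           |           |                                              |                |
+--------------------------+--------------------------+-----------+-----------+----------------------------------------------+----------------+
| Cross-site Scripting     | Arbitrary code execution | Important | 5.4       | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2026-34624 |
| (DOM-based XSS) (CWE-79) |                          |           |           |                                              |                |
+--------------------------+--------------------------+-----------+-----------+----------------------------------------------+----------------+
| Cross-site Scripting     | Arbitrary code execution | Important | 5.4       | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | CVE-2026-34625 |
| (DOM-based XSS) (CWE-79) |                          |           |           |                                              |                |
+--------------------------+--------------------------+-----------+-----------+----------------------------------------------+----------------+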
Note
If a customer is using Apache httpd in a proxy with a non-default
configuration, they may be impacted by CVE-2023-25690 - please read more here:
https://httpd.apache.org/security/vulnerabilities_24.html
Acknowledgments
Adobe would like to thank the following for reporting these issues and for
working with Adobe to help protect our customers:
o green-jam: CVE-2026-27288, CVE-2026-34623, CVE-2026-34624, CVE-2026-34625
NOTE: Adobe has a public bug bounty program with HackerOne. If you are
interested in working with Adobe as an external security researcher, please
check out https://hackerone.com/adobe
Revisions
December 18, 2025: Added CVE-2025-64538
December 10, 2025: Removed CVE-2025-64540
December 24, 2025: Added note - "AEM 6.5 and LTS versions are not impacted by
the following CVEs: CVE-2025-64537, CVE-2025-64538, CVE-2025-64539."
---------------------------------------------------------------------------------
For more information, visit https://helpx.adobe.com/security.html , or email
PSIRT@adobe.com.
--------------------------END INCLUDED TEXT----------------------
NOTE: Third Party Rights
This security bulletin is provided as a service to AUSCERT's members. As
AUSCERT did not write the document quoted above, AUSCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AUSCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://portal.auscert.org.au/bulletins/
===========================================================================
AUSCERT
The University of Queensland, Brisbane QLD 4072 Australia
e: auscert@auscert.org.au
t: +61 (0)7 3365 4417
Allies in Cyber Security
===========================================================================