CVE-2026-48303

Critical · CVSS 10.0

Adobe Campaign Classic (ACC) — Incorrect Authorization leading to arbitrary code execution (CWE-863)

CVSS: 10.0; nvd
EPSS: 0.50%; 66th pct
KEV: No
Class: kernel local; CWE-863

Description

Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed.

Search profile — drives PoC discovery

Symbols ACCAdobe Campaign ClassicAPSB26-66build 93947.4.3CVE-2026-48303

Keywords CVE-2026-48303Adobe Campaign ClassicACCIncorrect Authorizationarbitrary code executionAPSB26-667.4.3 build 9394CWE-863privilege escalationscope changed

Versions: <= 7.4.3 build 9394

References

https://helpx.adobe.com/security/products/campaign/apsb26-66.html

Status: enriched · ingested 2026-06-12T18:00:30.000Z · profiled 2026-06-16T18:20:23.035Z