Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2026-48348— Animate | Incorrect Authorization (CWE-863)

CVSS 7.7 · High EPSS 0.17% · P6

Affected Version Matrix 4

VendorProductVersion RangeStatus
AdobeAdobe Animate 2023≤ 23.0.15affected
23.0.16unaffected
AdobeAdobe Animate 2024≤ 24.0.13affected
24.0.14unaffected
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-48348

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Animate | Incorrect Authorization (CWE-863)
Source: NVD (National Vulnerability Database)
Vulnerability Description
Animate is affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
授权机制不正确
Source: NVD (National Vulnerability Database)
Vulnerability Title
Adobe Animate 授权问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Adobe animate是美国Adobe公司的一个交互式动画与多媒体创作软件。 Adobe Animate 2023 23.0.15及之前版本和Adobe Animate 2024 24.0.13及之前版本存在授权问题漏洞,该漏洞源于授权问题,可能导致在当前用户环境下执行任意代码。利用此漏洞需要用户交互,受害者必须打开恶意文件。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
AdobeAdobe Animate 2023 0 ~ 23.0.15 -
AdobeAdobe Animate 2024 0 ~ 24.0.13 -

II. Public POCs for CVE-2026-48348

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-48348

登录查看更多情报信息。

Vendor Advisories for CVE-2026-48348 (1)

Same Patch Batch · Adobe · 2026-07-14 · 88 CVEs total

CVE-2026-483189.9 CRITICALColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'
CVE-2026-482849.6 CRITICALColdFusion | Improper Input Validation (CWE-20)
CVE-2026-483229.6 CRITICALColdFusion | Improper Control of Generation of Code ('Code Injection') (CWE-94)
CVE-2026-483569.6 CRITICALAdobe Commerce | Unrestricted Upload of File with Dangerous Type (CWE-434)
CVE-2026-483599.6 CRITICALAdobe Experience Manager | Improper Restriction of XML External Entity Reference ('XXE') (
CVE-2026-482599.6 CRITICALAdobe Experience Manager | Server-Side Request Forgery (SSRF) (CWE-918)
CVE-2026-483349.3 CRITICALIllustrator | Improper Input Validation (CWE-20)
CVE-2026-483219.3 CRITICALColdFusion | Incorrect Authorization (CWE-863)
CVE-2026-483259.3 CRITICALColdFusion | Missing Authentication for Critical Function (CWE-306)
CVE-2026-483249.1 CRITICALColdFusion | Improper Neutralization of Special Elements used in an SQL Command ('SQL Inje
CVE-2026-483199.1 CRITICALColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'
CVE-2026-483589.1 CRITICALAdobe Commerce | Improper Encoding or Escaping of Output (CWE-116)
CVE-2026-483279.0 CRITICALColdFusion | Incorrect Authorization (CWE-863)
CVE-2026-479948.7 HIGHAdobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2026-483108.6 HIGHAdobe Experience Manager | Improper Limitation of a Pathname to a Restricted Directory ('P
CVE-2026-483508.6 HIGHAnimate | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (
CVE-2026-479888.6 HIGHAdobe Commerce | Incorrect Authorization (CWE-863)
CVE-2026-482528.6 HIGHAdobe Experience Manager | Missing Authentication for Critical Function (CWE-306)
CVE-2026-482758.6 HIGHIllustrator | Untrusted Search Path (CWE-426)
CVE-2026-483208.5 HIGHColdFusion | Cross-site Scripting (Reflected XSS) (CWE-79)

Showing top 20 of 88 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

V. Comments for CVE-2026-48348

No comments yet


Leave a comment