PT-2026-2767 · Adobe · Dreamweaver Desktop

Jann Horn

·

Published

2026-01-13

·

Updated

2026-01-13

·

CVE-2026-21267

CVSS v3.1

8.6

High

VectorAV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Dreamweaver Desktop versions 21.6 and earlier
Description Dreamweaver Desktop versions 21.6 and earlier are susceptible to an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') issue. Successful exploitation of this issue could allow an attacker to execute arbitrary code. Exploitation requires user interaction, specifically a victim opening a malicious file. The scope of the issue is changed after exploitation.
Recommendations Update Dreamweaver Desktop to a version later than 21.6.

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

BDU:2026-00729
CVE-2026-21267

Affected Products

Dreamweaver Desktop