{"api_version":"1","generated_at":"2026-07-15T14:05:21+00:00","cve":"CVE-2026-48310","urls":{"html":"https://cve.report/CVE-2026-48310","api":"https://cve.report/api/cve/CVE-2026-48310.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-48310","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-48310"},"summary":{"title":"Adobe Experience Manager | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)","description":"Adobe Experience Manager is affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issue does not require user interaction. Scope is changed.","state":"PUBLISHED","assigner":"adobe","published_at":"2026-07-14 20:17:07","updated_at":"2026-07-14 20:23:39"},"problem_types":["CWE-22","CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)"],"metrics":[{"version":"3.1","source":"psirt@adobe.com","type":"Primary","score":"8.6","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"8.6","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","availabilityRequirement":"NOT_DEFINED","baseScore":8.6,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","confidentialityRequirement":"NOT_DEFINED","environmentalScore":8.6,"environmentalSeverity":"HIGH","exploitCodeMaturity":"NOT_DEFINED","integrityImpact":"NONE","integrityRequirement":"NOT_DEFINED","modifiedAttackComplexity":"LOW","modifiedAttackVector":"NETWORK","modifiedAvailabilityImpact":"NONE","modifiedConfidentialityImpact":"HIGH","modifiedIntegrityImpact":"NONE","modifiedPrivilegesRequired":"NONE","modifiedScope":"CHANGED","modifiedUserInteraction":"NONE","privilegesRequired":"NONE","remediationLevel":"NOT_DEFINED","reportConfidence":"NOT_DEFINED","scope":"CHANGED","temporalScore":8.6,"temporalSeverity":"HIGH","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N","version":"3.1"}}],"references":[{"url":"https://helpx.adobe.com/security/products/experience-manager/apsb26-74.html","name":"https://helpx.adobe.com/security/products/experience-manager/apsb26-74.html","refsource":"psirt@adobe.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-48310","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-48310","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Adobe","product":"Adobe Experience Manager as a Cloud Service","version":"affected 2026.5.0 custom","platforms":[]},{"source":"CNA","vendor":"Adobe","product":"Adobe Experience Manager as a Cloud Service","version":"unaffected 2026.6.0 custom","platforms":[]},{"source":"CNA","vendor":"Adobe","product":"Adobe Experience Manager 6.5 LTS","version":"affected SP1 custom","platforms":[]},{"source":"CNA","vendor":"Adobe","product":"Adobe Experience Manager 6.5 LTS","version":"unaffected SP2 - Hotfix for NPR-43972 custom","platforms":[]},{"source":"CNA","vendor":"Adobe","product":"Adobe Experience Manager 6.5","version":"affected 6.5.24 custom","platforms":[]},{"source":"CNA","vendor":"Adobe","product":"Adobe Experience Manager 6.5","version":"unaffected 6.5.25 - Hotfix for NPR-43972 custom","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"cna":{"affected":[{"defaultStatus":"affected","product":"Adobe Experience Manager as a Cloud Service","vendor":"Adobe","versions":[{"lessThanOrEqual":"2026.5.0","status":"affected","version":"0","versionType":"custom"},{"status":"unaffected","version":"2026.6.0","versionType":"custom"}]},{"defaultStatus":"affected","product":"Adobe Experience Manager 6.5 LTS","vendor":"Adobe","versions":[{"lessThanOrEqual":"SP1","status":"affected","version":"0","versionType":"custom"},{"status":"unaffected","version":"SP2 - Hotfix for NPR-43972","versionType":"custom"}]},{"defaultStatus":"affected","product":"Adobe Experience Manager 6.5","vendor":"Adobe","versions":[{"lessThanOrEqual":"6.5.24","status":"affected","version":"0","versionType":"custom"},{"status":"unaffected","version":"6.5.25 - Hotfix for NPR-43972","versionType":"custom"}]}],"datePublic":"2026-07-14T17:00:00.000Z","descriptions":[{"lang":"en","value":"Adobe Experience Manager is affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issue does not require user interaction. Scope is changed."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","availabilityRequirement":"NOT_DEFINED","baseScore":8.6,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","confidentialityRequirement":"NOT_DEFINED","environmentalScore":8.6,"environmentalSeverity":"HIGH","exploitCodeMaturity":"NOT_DEFINED","integrityImpact":"NONE","integrityRequirement":"NOT_DEFINED","modifiedAttackComplexity":"LOW","modifiedAttackVector":"NETWORK","modifiedAvailabilityImpact":"NONE","modifiedConfidentialityImpact":"HIGH","modifiedIntegrityImpact":"NONE","modifiedPrivilegesRequired":"NONE","modifiedScope":"CHANGED","modifiedUserInteraction":"NONE","privilegesRequired":"NONE","remediationLevel":"NOT_DEFINED","reportConfidence":"NOT_DEFINED","scope":"CHANGED","temporalScore":8.6,"temporalSeverity":"HIGH","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-22","description":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-07-14T19:36:26.435Z","orgId":"078d4453-3bcd-4900-85e6-15281da43538","shortName":"adobe"},"references":[{"tags":["vendor-advisory"],"url":"https://helpx.adobe.com/security/products/experience-manager/apsb26-74.html"}],"source":{"discovery":"EXTERNAL"},"title":"Adobe Experience Manager | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)","x_generator":{"engine":"cvelib 1.8.0"}}},"cveMetadata":{"assignerOrgId":"078d4453-3bcd-4900-85e6-15281da43538","assignerShortName":"adobe","cveId":"CVE-2026-48310","datePublished":"2026-07-14T19:21:02.330Z","dateReserved":"2026-05-21T15:28:38.136Z","dateUpdated":"2026-07-14T19:36:26.435Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-07-14 20:17:07","lastModifiedDate":"2026-07-14 20:23:39","problem_types":["CWE-22","CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)"],"metrics":{"cvssMetricV31":[{"source":"psirt@adobe.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"48310","Ordinal":"1","Title":"Adobe Experience Manager | Improper Limitation of a Pathname to ","CVE":"CVE-2026-48310","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"48310","Ordinal":"1","NoteData":"Adobe Experience Manager is affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issue does not require user interaction. Scope is changed.","Type":"Description","Title":"Adobe Experience Manager | Improper Limitation of a Pathname to "}]}}}