CRITICAL🇵🇱 Wersja polska

CVE-2026-47938

CVSS 10.0v3.1pub. 2026-06-09upd. 2026-06-10

Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in privilege escalation. Exploitation of this issue does not require user interaction. Scope is changed.

🤖 AI Analysis
How it works

The vulnerability consists in the possibility of an unauthenticated attacker forcing the server to execute HTTP requests to any network resources (SSRF). Exploitation does not require user interaction or any prior permissions (PR:N, UI:N). The vector indicates a scope change (Scope Changed), which means that the effects of the attack may extend beyond the directly vulnerable component and affect other systems in the infrastructure.

Impact

An attacker can obtain privilege escalation and complete compromise of confidentiality, integrity and availability of the system, potentially extending its scope to resources outside the originally attacked component.

Mitigation & patch

Patches from the vendor must be applied immediately according to the references: https://helpx.adobe.com/security/products/campaign/apsb26-66.html

Who is affected

Adobe Campaign Classic (ACC) in version 7.4.3 build 9394 and all earlier versions.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SSRFLPE
CWE
References