Ce mail provient de l'extérieur, restons vigilants

=====================================================================

                            CERT-Renater

                Note d'Information No. 2026/VULN504
_____________________________________________________________________

DATE                : 13/05/2026

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Adobe Connect Desktop Application
            versions prior to 2026.3.125 (Windows), 2026.01.39 (macOS).

=====================================================================
https://helpx.adobe.com/security/products/connect/apsb26-50.html
_____________________________________________________________________

Last updated on May 12, 2026
Security update available for Adobe Connect  | APSB26-50

Bulletin ID   Date Published    Priority

APSB26-50     May 12, 2026      3

Summary
Adobe has released a security update for Adobe Connect. This update
resolves critical vulnerabilities that could lead to arbitrary code
execution and privilege escalation.

Adobe is not aware of any exploits in the wild for any of the issues
addressed in these updates.

Affected Product Versions

Product   Version    Platform

Adobe Connect Desktop Application   2025.9.15 (Windows)
2025.8.157 (macOS)
Windows and macOS


Solution
Adobe categorizes these updates with the following  priority
ratings and recommends users update their installation to the
latest version.


Product   Version    Platform   Priority   Availability

Adobe Connect Desktop Application
2026.3.125 (Windows) 2026.01.39 (macOS)
Windows and macOS
3

Release Notes
Vulnerability Details 

Vulnerability Category  Vulnerability Impact   Severity
CVSS base score    CVSS vector    CVE Number

Deserialization of Untrusted Data (CWE-502)
Arbitrary code execution
Critical
9.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2026-34659

Incorrect Authorization (CWE-863)   Privilege escalation
Critical
9.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
CVE-2026-34660

Adobe would like to thank the following researchers for reporting
these issue and for working with Adobe to help protect our
customers:   

Laish (a_l) -- CVE-2026-34659, CVE-2026-34660
NOTE: Adobe has a public bug bounty program with HackerOne. If you
are interested in working with Adobe as an external security
researcher, please check out https://hackerone.com/adobe.

For more information, visit https://helpx.adobe.com/security.html,
or email PSIRT@adobe.com.


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================