Beveiligingsadvies van Adobe

Zoeken

Beveiligingsupdates beschikbaar voor Adobe Experience Manager | APSB26-24

Bulletin-id

Publicatiedatum

Prioriteit

APSB26-24

10 maart 2026

3

Samenvatting

Adobe heeft updates uitgebracht voor Adobe Experience Manager (AEM). Deze update lost kwetsbaarheden op die zijn beoordeeld als belangrijk. Misbruik van deze kwetsbaarheden kan leiden tot willekeurige code-uitvoering.

Adobe is zich er niet van bewust dat de in deze updates behandelde problemen door onbevoegden worden misbruikt.

Van toepassing op de volgende productversies

Product Versie Platform
Adobe Experience Manager (AEM)
 AEM Cloud Service (CS)
 Alle

6.5 LTS SP1 en eerder

6.5.SP23 en eerder

Alle

Oplossing

Adobe heeft aan deze updates de volgende prioriteit toegekend en raadt gebruikers aan hun installatie bij te werken naar de recentste versie:

Product

Versie

Platform

Prioriteit

Beschikbaarheid
Adobe Experience Manager (AEM) 
 AEM Cloud Service (CS) release 2026.02 Alle 3 Release-opmerkingen
Adobe Experience Manager (AEM)  6.5 LTS Service Pack 2 Alle  3 Release-opmerkingen
Adobe Experience Manager (AEM) 6.5 Service Pack 24 Alle  3 Release-opmerkingen
Opmerking:

Klanten die op Adobe Experience Manager's Cloud Service draaien, ontvangen automatisch updates die nieuwe functies bevatten, evenals bugfixes voor beveiliging en functionaliteit.  

Opmerking:

Experience Manager Security Considerations:

AEM as a Cloud Service Security Considerations
Anonymous Permission Hardening Package

Opmerking:

Neem contact op met de klantenservice van Adobe voor hulp bij versie 6.4, 6.3 en 6.2 van AEM.

Details van kwetsbaarheid

Vulnerability Category
 Vulnerability Impact
 Severity
 CVSS base score
 CVSS vector
 CVE Number
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2026-27223
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2026-27224
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2026-27225
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2026-27227
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2026-27228
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2026-27229
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2026-27230
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2026-27231
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2026-27232
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2026-27233
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2026-27234
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2026-27235
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2026-27236
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2026-27237
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2026-27239
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2026-27240
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2026-27241
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2026-27242
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2026-27244
Cross-site Scripting (DOM-based XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2026-27247
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2026-27248
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2026-27249
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2026-27250
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2026-27251
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2026-27252
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2026-27253
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2026-27254
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2026-27255
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2026-27256
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2026-27257
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2026-27262
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2026-27265
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2026-27266
Opmerking:

If a customer is using Apache httpd in a proxy with a non-default configuration, they may be impacted by CVE-2023-25690 - please read more here: https://httpd.apache.org/security/vulnerabilities_24.html

Acknowledgments

Adobe would like to thank the following for reporting these issues and for working with Adobe to help protect our customers: 

  • green-jam: CVE-2026-27223, CVE-2026-27224, CVE-2026-27225, CVE-2026-27227, CVE-2026-27228, CVE-2026-27229, CVE-2026-27230, CVE-2026-27231, CVE-2026-27232, CVE-2026-27233, CVE-2026-27234, CVE-2026-27235, CVE-2026-27236, CVE-2026-27237, CVE-2026-27239, CVE-2026-27240, CVE-2026-27241, CVE-2026-27242, CVE-2026-27244, CVE-2026-27247, CVE-2026-27248, CVE-2026-27249, CVE-2026-27250, CVE-2026-27251, CVE-2026-27252, CVE-2026-27253, CVE-2026-27254, CVE-2026-27255, CVE-2026-27256, CVE-2026-27257, CVE-2026-27265, CVE-2026-27266
  • anonymous_blackzero: CVE-2026-27262

NOTE: Adobe has a public bug bounty program with HackerOne. If you are interested in working with Adobe as an external security researcher, please check out https://hackerone.com/adobe

 

 

Revisions

December 18, 2025: Added CVE-2025-64538 

December 10, 2025: Removed CVE-2025-64540

December 24, 2025: Added note - "AEM 6.5 and LTS versions are not impacted by the following CVEs: CVE-2025-64537, CVE-2025-64538, CVE-2025-64539."

Ga voor meer informatie naar https://helpx.adobe.com/nl/security.html of stuur een e-mail naar PSIRT@adobe.com.

Adobe, Inc.

Krijg sneller en gemakkelijker hulp

Nieuwe gebruiker?

Snelle koppelingen

Al je lidmaatschappen weergeven Je lidmaatschappen beheren
Snelle koppelingen weergeven
Snelle koppelingen verbergen

Vraag het de community

Vragen stellen en antwoord krijgen van experts.

Nu vragen

Contact met ons opnemen

Ondersteuning door experts voor uw problemen.

Nu starten
^ Naar boven