Bulletin de sécurité Adobe

Rechercher

Mises à jour de sécurité disponibles pour Adobe Experience Manager | APSB26-24

Référence du bulletin

Date de publication

Priorité

APSB26-24

10 mars 2026

3

Récapitulatif

Adobe a publié des mises à jour pour Adobe Experience Manager (AEM). Cette mise à jour corrige des vulnérabilités jugées importantes. L’exploitation réussie de ces vulnérabilités pourrait entraîner l’exécution de code arbitraire.

Adobe n’a pas connaissance d’exploitations dans la nature des problèmes traités dans ces mises à jour.

Versions concernées

Produit Version Plate-forme
Adobe Experience Manager (AEM)
 AEM Cloud Service (CS)
 Toutes

6.5 LTS SP1 et versions antérieures

6.5.SP23 et versions antérieures 

 Toutes

Solution

Adobe attribue à ces mises à jour les priorités suivantes et recommande aux utilisateurs concernés de mettre à jour leurs installations avec les dernières versions des logiciels :

Produit

Version

Platform

Priorité

Disponibilité
Adobe Experience Manager (AEM) 
 AEM Cloud Service (CS) Release 2026.02 Toutes 3 Notes de mise à jour
Adobe Experience Manager (AEM)  6.5 LTS Pack de services 2  Toutes  3 Notes de mise à jour
Adobe Experience Manager (AEM) 6.5 Pack de services 24 Toutes  3 Notes de mise à jour
Remarque :

Les clients qui utilisent Cloud Service d’Adobe Experience Manager recevront automatiquement des mises à jour incluant de nouvelles options, ainsi que des correctifs de bogues de sécurité et de fonctionnalité.  

Remarque :

Experience Manager Security Considerations:

AEM as a Cloud Service Security Considerations
Anonymous Permission Hardening Package

Remarque :

Veuillez contacter l’Assistance clientèle d’Adobe pour obtenir de l’aide sur les versions 6.2, 6.3 et 6.4 d’AEM.

Détails concernant la vulnérabilité

Vulnerability Category
 Vulnerability Impact
 Severity
 CVSS base score
 CVSS vector
 CVE Number
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2026-27223
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2026-27224
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2026-27225
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2026-27227
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2026-27228
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2026-27229
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2026-27230
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2026-27231
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2026-27232
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2026-27233
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2026-27234
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2026-27235
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2026-27236
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2026-27237
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2026-27239
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2026-27240
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2026-27241
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2026-27242
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2026-27244
Cross-site Scripting (DOM-based XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2026-27247
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2026-27248
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2026-27249
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2026-27250
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2026-27251
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2026-27252
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2026-27253
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2026-27254
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2026-27255
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2026-27256
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2026-27257
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2026-27262
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2026-27265
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2026-27266
Remarque :

If a customer is using Apache httpd in a proxy with a non-default configuration, they may be impacted by CVE-2023-25690 - please read more here: https://httpd.apache.org/security/vulnerabilities_24.html

Acknowledgments

Adobe would like to thank the following for reporting these issues and for working with Adobe to help protect our customers: 

  • green-jam: CVE-2026-27223, CVE-2026-27224, CVE-2026-27225, CVE-2026-27227, CVE-2026-27228, CVE-2026-27229, CVE-2026-27230, CVE-2026-27231, CVE-2026-27232, CVE-2026-27233, CVE-2026-27234, CVE-2026-27235, CVE-2026-27236, CVE-2026-27237, CVE-2026-27239, CVE-2026-27240, CVE-2026-27241, CVE-2026-27242, CVE-2026-27244, CVE-2026-27247, CVE-2026-27248, CVE-2026-27249, CVE-2026-27250, CVE-2026-27251, CVE-2026-27252, CVE-2026-27253, CVE-2026-27254, CVE-2026-27255, CVE-2026-27256, CVE-2026-27257, CVE-2026-27265, CVE-2026-27266
  • anonymous_blackzero: CVE-2026-27262

NOTE: Adobe has a public bug bounty program with HackerOne. If you are interested in working with Adobe as an external security researcher, please check out https://hackerone.com/adobe

 

 

Revisions

December 18, 2025: Added CVE-2025-64538 

December 10, 2025: Removed CVE-2025-64540

December 24, 2025: Added note - "AEM 6.5 and LTS versions are not impacted by the following CVEs: CVE-2025-64537, CVE-2025-64538, CVE-2025-64539."

Pour plus d’informations, visitez https://helpx.adobe.com/fr/security.html ou envoyez un e-mail à PSIRT@adobe.com.

Adobe, Inc.

Recevez de l’aide plus rapidement et plus facilement

Nouvel utilisateur ?

Liens rapides

Voir toutes vos formules Gérer vos formules
Afficher les liens rapides
Masquer les liens rapides