Bollettino sulla sicurezza di Adobe

Aggiornamenti di sicurezza disponibili per Adobe Experience Manager | APSB26-24

ID bollettino	Data di pubblicazione	Priorità
APSB26-24	10 marzo 2026	3

Riepilogo

Adobe ha rilasciato aggiornamenti per Adobe Experience Manager (AEM). Questo aggiornamento risolve vulnerabilità classificate importanti. Se sfruttata, tale vulnerabilità potrebbe risultare in un'esecuzione arbitraria del codice.

Adobe non è a conoscenza di sfruttamenti delle vulnerabilità oggetto di questi aggiornamenti.

Versioni del prodotto interessate

Prodotto	Versione	Piattaforma
Adobe Experience Manager (AEM)	Cloud Service AEM (CS)	Tutte
6.5 LTS SP1 e versioni precedenti 6.5.SP23 e versioni precedenti	Tutte

Prodotto

Versione

Piattaforma

Adobe Experience Manager (AEM)

Cloud Service AEM (CS)

Tutte

6.5 LTS SP1 e versioni precedenti

6.5.SP23 e versioni precedenti

Tutte

Soluzione

Adobe classifica questi aggiornamenti in base ai seguenti livelli di priorità e consiglia agli utenti interessati di aggiornare la propria installazione alla versione più recente:

Prodotto	Versione	Piattaforma	Priorità	Disponibilità
Adobe Experience Manager (AEM)	AEM Cloud Service (CS) Release 2026.02	Tutte	3	Note sulla versione
Adobe Experience Manager (AEM)	6.5 LTS Service Pack 2	Tutte	3	Note sulla versione
Adobe Experience Manager (AEM)	6.5 Service Pack 24	Tutte	3	Note sulla versione

Nota:

I clienti in esecuzione sul Cloud Service di Adobe Experience Manager riceveranno automaticamente aggiornamenti che includono nuove funzioni, nonché correzioni di bug di sicurezza e funzionalità.

Nota:

Experience Manager Security Considerations:

AEM as a Cloud Service Security Considerations
Anonymous Permission Hardening Package

Nota:

Per ricevere assistenza sulle versioni di AEM 6.4, 6.3 e 6.2, gli utenti possono contattare l’Assistenza clienti Adobe.

Dettagli della vulnerabilità

Vulnerability Category	Vulnerability Impact	Severity	CVSS base score	CVSS vector	CVE Number
Cross-site Scripting (Stored XSS) (CWE-79)	Arbitrary code execution	Important	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	CVE-2026-27223
Cross-site Scripting (Stored XSS) (CWE-79)	Arbitrary code execution	Important	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	CVE-2026-27224
Cross-site Scripting (Stored XSS) (CWE-79)	Arbitrary code execution	Important	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	CVE-2026-27225
Cross-site Scripting (Stored XSS) (CWE-79)	Arbitrary code execution	Important	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	CVE-2026-27227
Cross-site Scripting (Stored XSS) (CWE-79)	Arbitrary code execution	Important	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	CVE-2026-27228
Cross-site Scripting (Stored XSS) (CWE-79)	Arbitrary code execution	Important	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	CVE-2026-27229
Cross-site Scripting (Stored XSS) (CWE-79)	Arbitrary code execution	Important	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	CVE-2026-27230
Cross-site Scripting (Stored XSS) (CWE-79)	Arbitrary code execution	Important	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	CVE-2026-27231
Cross-site Scripting (Stored XSS) (CWE-79)	Arbitrary code execution	Important	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	CVE-2026-27232
Cross-site Scripting (Stored XSS) (CWE-79)	Arbitrary code execution	Important	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	CVE-2026-27233
Cross-site Scripting (Stored XSS) (CWE-79)	Arbitrary code execution	Important	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	CVE-2026-27234
Cross-site Scripting (Stored XSS) (CWE-79)	Arbitrary code execution	Important	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	CVE-2026-27235
Cross-site Scripting (Stored XSS) (CWE-79)	Arbitrary code execution	Important	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	CVE-2026-27236
Cross-site Scripting (Stored XSS) (CWE-79)	Arbitrary code execution	Important	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	CVE-2026-27237
Cross-site Scripting (Stored XSS) (CWE-79)	Arbitrary code execution	Important	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	CVE-2026-27239
Cross-site Scripting (Stored XSS) (CWE-79)	Arbitrary code execution	Important	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	CVE-2026-27240
Cross-site Scripting (Stored XSS) (CWE-79)	Arbitrary code execution	Important	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	CVE-2026-27241
Cross-site Scripting (Stored XSS) (CWE-79)	Arbitrary code execution	Important	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	CVE-2026-27242
Cross-site Scripting (Stored XSS) (CWE-79)	Arbitrary code execution	Important	5.4	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	CVE-2026-27244
Cross-site Scripting (DOM-based XSS) (CWE-79)	Arbitrary code execution	Important	5.4	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	CVE-2026-27247
Cross-site Scripting (Stored XSS) (CWE-79)	Arbitrary code execution	Important	5.4	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	CVE-2026-27248
Cross-site Scripting (Stored XSS) (CWE-79)	Arbitrary code execution	Important	5.4	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	CVE-2026-27249
Cross-site Scripting (Stored XSS) (CWE-79)	Arbitrary code execution	Important	5.4	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	CVE-2026-27250
Cross-site Scripting (Stored XSS) (CWE-79)	Arbitrary code execution	Important	5.4	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	CVE-2026-27251
Cross-site Scripting (Stored XSS) (CWE-79)	Arbitrary code execution	Important	5.4	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	CVE-2026-27252
Cross-site Scripting (Stored XSS) (CWE-79)	Arbitrary code execution	Important	5.4	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	CVE-2026-27253
Cross-site Scripting (Stored XSS) (CWE-79)	Arbitrary code execution	Important	5.4	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	CVE-2026-27254
Cross-site Scripting (Stored XSS) (CWE-79)	Arbitrary code execution	Important	5.4	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	CVE-2026-27255
Cross-site Scripting (Stored XSS) (CWE-79)	Arbitrary code execution	Important	5.4	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	CVE-2026-27256
Cross-site Scripting (Stored XSS) (CWE-79)	Arbitrary code execution	Important	5.4	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	CVE-2026-27257
Cross-site Scripting (Stored XSS) (CWE-79)	Arbitrary code execution	Important	5.4	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	CVE-2026-27262
Cross-site Scripting (Stored XSS) (CWE-79)	Arbitrary code execution	Important	5.4	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	CVE-2026-27265
Cross-site Scripting (Stored XSS) (CWE-79)	Arbitrary code execution	Important	5.4	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	CVE-2026-27266

Nota:

If a customer is using Apache httpd in a proxy with a non-default configuration, they may be impacted by CVE-2023-25690 - please read more here: https://httpd.apache.org/security/vulnerabilities_24.html

Acknowledgments

Adobe would like to thank the following for reporting these issues and for working with Adobe to help protect our customers:

green-jam: CVE-2026-27223, CVE-2026-27224, CVE-2026-27225, CVE-2026-27227, CVE-2026-27228, CVE-2026-27229, CVE-2026-27230, CVE-2026-27231, CVE-2026-27232, CVE-2026-27233, CVE-2026-27234, CVE-2026-27235, CVE-2026-27236, CVE-2026-27237, CVE-2026-27239, CVE-2026-27240, CVE-2026-27241, CVE-2026-27242, CVE-2026-27244, CVE-2026-27247, CVE-2026-27248, CVE-2026-27249, CVE-2026-27250, CVE-2026-27251, CVE-2026-27252, CVE-2026-27253, CVE-2026-27254, CVE-2026-27255, CVE-2026-27256, CVE-2026-27257, CVE-2026-27265, CVE-2026-27266
anonymous_blackzero: CVE-2026-27262

NOTE: Adobe has a public bug bounty program with HackerOne. If you are interested in working with Adobe as an external security researcher, please check out https://hackerone.com/adobe

Revisions

December 18, 2025: Added CVE-2025-64538

December 10, 2025: Removed CVE-2025-64540

December 24, 2025: Added note - "AEM 6.5 and LTS versions are not impacted by the following CVEs: CVE-2025-64537, CVE-2025-64538, CVE-2025-64539."

Per ulteriori informazioni, visitare il sito https://helpx.adobe.com/it/security.html o inviare un’e-mail a PSIRT@adobe.com.

Bollettino sulla sicurezza di Adobe

Riepilogo

Versioni del prodotto interessate

Soluzione

Dettagli della vulnerabilità

Acknowledgments

Revisions

Ottieni supporto in modo più facile e veloce

Condividi questa pagina

Condividi questa pagina

Chiedi alla community

Contattaci