Bulletin ID
Last updated on
Jun 9, 2026
Security updates available for Adobe Experience Manager Forms | APSB26-57
|
|
Date Published |
Priority |
|---|---|---|
|
APSB26-57 |
June 9, 2026 |
2 |
Summary
Affected Product Versions
| Product | Affected version | Platform |
|---|---|---|
| Adobe Experience Manager 6.5 LTS | SP1 and earlier | Windows, macOS, Linux, iOS, Android |
| Adobe Experience Manager 6.5 | 6.5.24.0 and earlier | Windows, macOS, Linux, iOS, Android |
Solution
Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version:
| Product | Updated version | Platform | Priority rating | Availability |
|---|---|---|---|---|
| Adobe Experience Manager 6.5 LTS | SP2 | All | 2 | Update instructions |
| Adobe Experience Manager 6.5 | 6.5.25.0 | All | 2 | Update instructions |
Note
Please contact Adobe customer care for assistance with AEM versions 6.4, 6.3 and 6.2.
Vulnerability Details
| Vulnerability Category |
Vulnerability Impact |
Severity |
CVSS base score |
CVSS vector |
CVE Number |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Critical | 9.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N | CVE-2026-34691 |
| Cross-site Scripting (Reflected XSS) (CWE-79) | Arbitrary code execution | Critical | 8 | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N | CVE-2026-34693 |
| Cross-site Scripting (Stored XSS) (CWE-79) | Arbitrary code execution | Important | 5.9 | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L | CVE-2026-34694 |
Acknowledgments
Acknowledgments
Adobe would like to thank the following for reporting these issues and for working with Adobe to help protect our customers:
- Green-jam -- CVE-2026-34691, CVE-2026-34693, CVE-2026-34694
NOTE: Adobe has a private, invite-only, bug bounty program with HackerOne. If you are interested in working with Adobe as an external security researcher, please fill out this form for next steps.
For more information, visit https://helpx.adobe.com/security.html, or email PSIRT@adobe.com.
