Adobe Security Bulletin

Last updated on Jan 13, 2026

Security update available for Adobe Dreamweaver | APSB26-01

Bulletin ID	Date Published	Priority
APSB26-01	January 13, 2026	3

Summary

Adobe has released a security update for Adobe Dreamweaver. This update resolves critical and important vulnerabilities that could lead to arbitrary code execution and arbitrary file system write.

Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates.

Affected Versions

Product	Affected Versions	Platform
Adobe Dreamweaver	21.6 and earlier versions	Windows and macOS

Solution

Adobe categorizes this update with the following priority rating and recommends users to use latest builds for new installation via the Creative Cloud desktop app updater, or by navigating to the Dreamweaver Help menu and clicking "Updates." For more information, please reference this help page. 

Product	Updated Version	Platform	Priority rating
Adobe Dreamweaver	21.7	Windows and macOS	3

Note

Note:  For managed environments, IT administrators can use the Creative Cloud Packager to create deployment packages. Refer to this help page for more information on the Creative Cloud Packager.  

Vulnerability Details

Vulnerability Category	Vulnerability Impact	Severity	CVSS Base Score	CVSS vector	CVE Number
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)	Arbitrary code execution	Critical	8.6	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H	CVE-2026-21267
Improper Input Validation (CWE-20)	Arbitrary code execution	Critical	8.6	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H	CVE-2026-21268
Incorrect Authorization (CWE-863)	Arbitrary code execution	Critical	7.8	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	CVE-2026-21274
Improper Input Validation (CWE-20)	Arbitrary code execution	Critical	8.6	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H	CVE-2026-21271
Improper Input Validation (CWE-20)	Arbitrary file system write	Critical	8.6	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H	CVE-2026-21272

Acknowledgements

Adobe would like to thank the following researcher for reporting these issues and for working with Adobe to help protect our customers:   

Sudhanshu Rajbhar (sudi) - CVE-2026-21267, CVE-2026-21268, CVE-2026-21272, CVE-2026-21274
Kieran (kaiksi) - CVE-2026-21271

NOTE: Adobe has a public bug bounty program with HackerOne. If you are interested in working with Adobe as an external security researcher, please check out https://hackerone.com/adobe

For more information, visit https://helpx.adobe.com/security.html, or email PSIRT@adobe.com.

Get help faster and easier

New user?