cvedb.io
CVE-2021-40722
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2022-01-13T21:15:07.897 · Last modified 2026-06-17T04:07:19.883

Summary

AEM Forms Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by an XML External Entity (XXE) injection vulnerability that could be abused by an attacker to achieve RCE.

Affected products

adobe — experience_manager

Does this affect you?

Add your gear to cvedb and we'll alert you only when adobe ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.