CVE-2016-4126

high

Published 2016-06-16 · Modified 2026-05-06

CVSS v3

8.8

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2

9.3

VIR risk

8.8

Description

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.

Predictions

Exploit likelihood

92%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: psirt@adobe.com — https://helpx.adobe.com/security/products/air/apsb16-23.html

vendor Authored 2026-05-27

Vendor advisory: psirt@adobe.com — https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083

vendor Authored 2026-05-27

Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2016-4126.html

OS impact

OS	Version	Status	Fixed in
sles		affected

Application impact

Vendor	Product	Versions	Fixed
adobe	air_desktop_runtime	`{"endIncluding":"21.0.0.215"}`

References

Verify integrity in audit chain (admin only). AS-IS.