SECURITYWEEK NETWORK:

ICS:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Adobe Patches 52 Vulnerabilities in 10 Products

While none of the flaws have been exploited in the wild, many of them could lead to arbitrary code execution.
Adobe vulnerabilities

Adobe on Tuesday announced the release of patches for 52 vulnerabilities across 10 products, including critical-severity bugs that could lead to code execution and privilege escalation.

More than half of the weaknesses Adobe addressed this month could be exploited for arbitrary code execution. Application denial-of-service (DoS) was the second most common type of resolved issue.

When it comes to the severity of the resolved vulnerabilities, the Adobe Connect update takes the lead. It addresses two critical-severity flaws that could be exploited for arbitrary code execution (CVE-2026-34659, CVSS score of 9.6) and privilege escalation (CVE-2026-34660, CVSS score of 9.3).

This month’s update for Adobe Commerce resolves the largest number of security defects across the board. Content Authenticity SDK comes in second, with patches for 14 flaws.

Adobe resolved ten high-severity and five medium-severity bugs with the Commerce update. The issues could be exploited to bypass security features, cause DoS conditions, and execute arbitrary code.

All the security defects resolved in Content Authenticity SDK, one high and 13 medium-severity, could lead to application DoS.

Advertisement. Scroll to continue reading.

High-severity code execution issues were also resolved in After Effects (4 vulnerabilities), Premiere Pro (3 flaws), Media Encoder (2), Substance 3D Painter (2), and Substance 3D Sampler (1).

The update for Illustrator resolves two high-severity code execution defects and two medium-severity issues leading to DoS and memory exposure. Of the five medium-severity weaknesses patched in Substance 3D Designer, four could lead to code execution and one to arbitrary file system read.

Adobe assigned a priority rating of 2 to the Commerce update because the product has previously been targeted in attacks. The remaining updates have a priority rating of 3.

The company says it is not aware of any of these vulnerabilities being exploited in the wild. Additional information can be found on Adobe’s PSIRT page.

Related: Apple Patches Dozens of Vulnerabilities in macOS, iOS

Related: SAP Patches Critical S/4HANA, Commerce Vulnerabilities

Related: Vulnerability in Claude Extension for Chrome Exposes AI Agent to Takeover

Related: Ivanti Patches EPMM Zero-Day Exploited in Targeted Attacks

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

More from

Latest News

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Webinar: Why Email Security Keeps Failing (And What Has to Change)
July 8, 2026

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

Virtual Event: 2026 Cloud Security Summit
July 16, 2026

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

Mark Carter has been appointed Chief Information Security Officer at Socure.

Spektrum Labs has named Mark Cravotta Chief Operating Officer.

Philip Martin has joined Uber as Chief Information Security Officer.

More People On The Move

Expert Insights

No Exploits Required

Four decades of incident response experience suggest that exploits are often the symptom, not the root cause, of today’s cybersecurity failures.

Popular Topics

Security Community

Stay Intouch

About SecurityWeek

News Tips

Got a confidential news tip? We want to hear from you.

Submit Tip

Advertising

Reach a large audience of enterprise cybersecurity professionals

Contact Us

Daily Briefing Newsletter

Subscribe to the SecurityWeek Daily Briefing and get the latest content delivered to your inbox.

Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.