SECURITYWEEK NETWORK:

ICS:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Adobe Patches 80 Vulnerabilities Across Eight Products

Adobe has rolled out patches for 80 vulnerabilities across 8 products, including Commerce, Illustrator, Acrobat Reader, and Premiere Pro.
Adobe vulnerabilities

Adobe on Tuesday announced patches for 80 vulnerabilities across 8 products, including Commerce, Illustrator, Acrobat Reader, and Premiere Pro.

The company rolled out fixes for 19 flaws in Adobe Commerce and Magento Open Source, urging users to apply the patches within the next 30 days, based on these products being a known target for threat actors.

The update resolves six high-severity bugs, five of which could lead to privilege escalation: CVE-2026-21290, CVE-2026-21361, CVE-2026-21284, CVE-2026-21311, and CVE-2026-21309. The sixth, tracked as CVE-2026-21289, leads to security feature bypass.

Per Adobe’s advisory, the remaining defects are medium- and low-severity issues leading to arbitrary code execution, privilege escalation, security feature bypasses, and denial-of-service (DoS).

Fixes for these bugs were released for Adobe Commerce versions 2.4.4 to 2.4.9, Adobe Commerce B2B versions 1.3.3 to 1.5.3, and Magento Open Source versions 2.4.5 to 2.4.9.

Adobe Illustrator received patches for seven vulnerabilities, including five bugs that could lead to arbitrary code execution: CVE-2026-21333, CVE-2026-21362, CVE-2026-27271, CVE-2026-27272, and CVE-2026-27267.

Advertisement. Scroll to continue reading.

High-severity security defects leading to arbitrary code execution were also resolved in Acrobat Reader, Premiere Pro, Substance 3D Stager, and DNG Software Development Kit (SDK).

Unlike the Adobe Commerce advisory, which has a priority rating of 2, these have priority ratings of 3, meaning that the products are less likely to be targeted by threat actors.

Adobe’s fresh round of security updates also resolves medium- and low-severity vulnerabilities in these products, as well as in Substance 3D Painter and Experience Manager.

Adobe makes no mention of any of these security defects being exploited in the wild. Additional information can be found on the company’s PSIRT page.

Related: SAP Patches Critical FS-QUO, NetWeaver Vulnerabilities

Related: Cisco Patches Critical Vulnerabilities in Enterprise Networking Products

Related: Patch Tuesday: Adobe Fixes 44 Vulnerabilities in Creative Apps

Related: Adobe Patches Critical Apache Tika Bug in ColdFusion

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

More from

Latest News

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Webinar: A Step-by-Step Approach to AI Governance
April 28, 2026

With "Shadow AI" usage becoming prevalent in organizations, learn how to balance the need for rapid experimentation with the rigorous controls required for enterprise-grade deployment.

Register

Virtual Event: Threat Detection and Incident Response Summit
May 20, 2026

Delve into big-picture strategies to reduce attack surfaces, improve patch management, conduct post-incident forensics, and tools and tricks needed in a modern organization.

Register

People on the Move

Neill Feather has been named Chief Executive Officer at Point Wild.

Oasis Security has appointed Michael DeCesare as President.

Sterling Wilson has joined IGEL as Global Field CTO, Business Continuity and Disaster Recovery.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.