Adobe has announced a comprehensive security update addressing 52 vulnerabilities across 10 of its products. This significant effort includes patches for critical vulnerabilities that pose risks such as remote code execution and privilege escalation.
Critical Vulnerabilities Highlighted
The majority of the vulnerabilities patched could potentially be exploited for arbitrary code execution, with application denial-of-service (DoS) being the second most frequent issue resolved. The Adobe Connect update is particularly noteworthy, as it tackles two high-impact vulnerabilities that could lead to critical security breaches. These include CVE-2026-34659, with a CVSS score of 9.6, and CVE-2026-34660, scoring 9.3, both of which are capable of compromising system integrity.
Extensive Updates for Adobe Products
Among the updated products, Adobe Commerce received the most comprehensive patching effort, addressing a range of security defects. Following closely, the Content Authenticity SDK received updates for 14 vulnerabilities. The Commerce patch resolved issues that could bypass security measures, cause DoS conditions, and execute arbitrary code.
In the Content Authenticity SDK, Adobe addressed one high-severity and 13 medium-severity vulnerabilities, all of which could potentially lead to application DoS.
High-Severity Issues Across Multiple Applications
Additional high-severity code execution vulnerabilities were addressed in several other Adobe applications. These include four vulnerabilities in After Effects, three in Premiere Pro, two each in Media Encoder and Substance 3D Painter, and one in Substance 3D Sampler. The Illustrator update resolved two high-severity code execution issues and two medium-severity flaws that could result in DoS and memory exposure.
For Substance 3D Designer, five medium-severity flaws were patched, with four capable of enabling code execution and one allowing arbitrary file system access.
Adobe has prioritized the Commerce update with a rating of 2, reflecting previous targeting in attacks. All other updates have been assigned a priority rating of 3. Importantly, Adobe has stated there are currently no known instances of these vulnerabilities being exploited in the wild.
For more detailed information, Adobe encourages users to visit their Product Security Incident Response Team (PSIRT) page.
