Adobe has issued crucial updates for a dozen of its products, addressing 88 security vulnerabilities. These include critical flaws in well-known applications such as ColdFusion, Commerce, Experience Manager, and Illustrator.
Significant Flaws in ColdFusion
Among the 13 vulnerabilities fixed in ColdFusion, eight were identified as critical. These issues, identified as CVE-2026-48318, CVE-2026-48322, CVE-2026-48284, CVE-2026-48321, CVE-2026-48325, CVE-2026-48319, CVE-2026-48324, and CVE-2026-48327, pose risks such as arbitrary code execution and privilege escalation.
The vulnerabilities span several categories, including path traversal, code injection, improper input validation, missing authentication, SQL injection, and incorrect authorization. Adobe’s advisory has marked these updates with a priority 1 rating, recommending immediate implementation. Updates for ColdFusion 2025 and 2023 address these critical threats.
Other Affected Adobe Products
In addition to ColdFusion, Adobe’s updates resolved 13 issues in Commerce, with two classified as critical. These vulnerabilities, identified as CVE-2026-48356 and CVE-2026-48358, could result in privilege escalation and arbitrary code execution.
Experience Manager received updates for 13 vulnerabilities as well, including two critical ones, CVE-2026-48259 and CVE-2026-48359, which also allow for arbitrary code execution. Illustrator was updated to fix a critical flaw, CVE-2026-48334, related to improper input validation that could be used for privilege escalation.
Additional Product Updates and Recommendations
Adobe also released updates for several other products: Content Credentials SDK (12 vulnerabilities), Animate (6 flaws), Audition (6), Bridge (6), Media Encoder (5), Premiere Pro (4), After Effects (3), and Creative Cloud Desktop Application (2).
While Adobe has no current reports of these vulnerabilities being exploited, they strongly advise users to apply these patches without delay. More details are available on Adobe’s security bulletins page.
This series of updates follows a previous patch release just two weeks ago, which addressed six severe vulnerabilities in ColdFusion, one of which was actively exploited shortly after its disclosure.
For further information on related security updates, refer to advisories on VMware Avi Load Balancer, SAP NetWeaver, and Joomla Extension vulnerabilities.
