Adobe has issued security updates to address 80 vulnerabilities found in eight of its products, including Commerce, Illustrator, Acrobat Reader, and Premiere Pro. The updates, announced on Tuesday, are part of the company’s ongoing efforts to enhance cybersecurity across its software portfolio.
Critical Updates for Adobe Commerce and Magento
The company has released fixes for 19 vulnerabilities in Adobe Commerce and Magento Open Source. Users are advised to implement these patches within 30 days due to the known targeting of these products by cyber attackers. Among the resolved issues are six high-severity vulnerabilities, five of which can lead to privilege escalation. These are identified as CVE-2026-21290, CVE-2026-21361, CVE-2026-21284, CVE-2026-21311, and CVE-2026-21309. The sixth, CVE-2026-21289, allows for security feature bypass.
The remaining vulnerabilities address medium- and low-severity threats, including arbitrary code execution, privilege escalation, security feature bypasses, and denial-of-service (DoS). The patches apply to Adobe Commerce versions 2.4.4 to 2.4.9, B2B versions 1.3.3 to 1.5.3, and Magento Open Source versions 2.4.5 to 2.4.9.
Security Enhancements in Illustrator and Other Products
In addition to the Commerce updates, Adobe has provided patches for seven vulnerabilities in Illustrator. Five of these flaws could potentially lead to arbitrary code execution, specifically CVE-2026-21333, CVE-2026-21362, CVE-2026-27271, CVE-2026-27272, and CVE-2026-27267.
Acrobat Reader, Premiere Pro, Substance 3D Stager, and the DNG Software Development Kit (SDK) have also received updates to address high-severity security defects that could result in arbitrary code execution. These products have been assigned a priority rating of 3, indicating a lower likelihood of being targeted compared to Adobe Commerce, which has a priority rating of 2.
Ongoing Security Measures and Future Outlook
Adobe’s latest security round also resolves medium- and low-severity vulnerabilities in additional products such as Substance 3D Painter and Experience Manager. The company has not reported any active exploitation of these security issues in the wild. For more detailed information, users can consult Adobe’s Product Security Incident Response Team (PSIRT) page.
This proactive approach highlights Adobe’s commitment to maintaining robust security across its product lines. Users are encouraged to stay informed about security updates and apply patches promptly to protect their systems from potential cyber threats.
