Adobe on Tuesday announced the release of patches for 52 vulnerabilities across 10 products, including critical-severity bugs that could lead to code execution and privilege escalation.
More than half of the weaknesses Adobe addressed this month could be exploited for arbitrary code execution. Application denial-of-service (DoS) was the second most common type of resolved issue.
When it comes to the severity of the resolved vulnerabilities, the Adobe Connect update takes the lead. It addresses two critical-severity flaws that could be exploited for arbitrary code execution (CVE-2026-34659, CVSS score of 9.6) and privilege escalation (CVE-2026-34660, CVSS score of 9.3).
This month’s update for Adobe Commerce resolves the largest number of security defects across the board. Content Authenticity SDK comes in second, with patches for 14 flaws.
Adobe resolved ten high-severity and five medium-severity bugs with the Commerce update. The issues could be exploited to bypass security features, cause DoS conditions, and execute arbitrary code.
All the security defects resolved in Content Authenticity SDK, one high and 13 medium-severity, could lead to application DoS.
High-severity code execution issues were also resolved in After Effects (4 vulnerabilities), Premiere Pro (3 flaws), Media Encoder (2), Substance 3D Painter (2), and Substance 3D Sampler (1).
The update for Illustrator resolves two high-severity code execution defects and two medium-severity issues leading to DoS and memory exposure. Of the five medium-severity weaknesses patched in Substance 3D Designer, four could lead to code execution and one to arbitrary file system read.
Adobe assigned a priority rating of 2 to the Commerce update because the product has previously been targeted in attacks. The remaining updates have a priority rating of 3.
The company says it is not aware of any of these vulnerabilities being exploited in the wild. Additional information can be found on Adobe’s PSIRT page.
Related: Apple Patches Dozens of Vulnerabilities in macOS, iOS
Related: SAP Patches Critical S/4HANA, Commerce Vulnerabilities
Related: Vulnerability in Claude Extension for Chrome Exposes AI Agent to Takeover
Related: Ivanti Patches EPMM Zero-Day Exploited in Targeted Attacks
