Adobe Patches 52 Vulnerabilities Across 10 Products, Including Critical Connect Flaws
Adobe released patches for 52 vulnerabilities across 10 products on Tuesday, including two critical-severity bugs in Adobe Connect that could allow arbitrary code execution and privilege escalation.
Adobe on Tuesday announced the release of patches for 52 vulnerabilities across 10 products, including critical-severity bugs that could lead to code execution and privilege escalation. The company's monthly security update addresses a wide range of issues spanning its creative, marketing, and collaboration software suites. More than half of the weaknesses Adobe addressed this month could be exploited for arbitrary code execution, with application denial-of-service (DoS) being the second most common type of resolved issue.
When it comes to the severity of the resolved vulnerabilities, the Adobe Connect update takes the lead. It addresses two critical-severity flaws that could be exploited for arbitrary code execution (CVE-2026-34659, CVSS score of 9.6) and privilege escalation (CVE-2026-34660, CVSS score of 9.3). These bugs in the web conferencing platform pose a significant risk to organizations that rely on Connect for remote collaboration, as successful exploitation could allow an attacker to take full control of an affected system.
This month's update for Adobe Commerce resolves the largest number of security defects across the board. Adobe resolved ten high-severity and five medium-severity bugs with the Commerce update. The issues could be exploited to bypass security features, cause DoS conditions, and execute arbitrary code. Adobe assigned a priority rating of 2 to the Commerce update because the product has previously been targeted in attacks, indicating a higher likelihood of exploitation. Content Authenticity SDK comes in second, with patches for 14 flaws, all of which could lead to application DoS.
High-severity code execution issues were also resolved in several creative applications. After Effects received patches for four vulnerabilities, Premiere Pro for three flaws, Media Encoder for two, Substance 3D Painter for two, and Substance 3D Sampler for one. The update for Illustrator resolves two high-severity code execution defects and two medium-severity issues leading to DoS and memory exposure. Of the five medium-severity weaknesses patched in Substance 3D Designer, four could lead to code execution and one to arbitrary file system read.
Adobe says it is not aware of any of these vulnerabilities being exploited in the wild. The remaining updates have a priority rating of 3, indicating a lower risk of active exploitation. The company encourages users to apply the patches as soon as possible to mitigate potential risks. Additional information can be found on Adobe's PSIRT page.
This batch of patches comes amid a busy Patch Tuesday, with other major vendors also releasing updates. Apple patched dozens of vulnerabilities in macOS and iOS, while SAP addressed critical bugs in S/4HANA and Commerce. The coordinated releases highlight the ongoing challenge of maintaining security across complex software ecosystems. For organizations using multiple Adobe products, this update represents a significant maintenance event that should be prioritized, particularly for Adobe Connect and Commerce deployments.