Adobe’s latest Patch Tuesday updates fix 55 vulnerabilities across 11 of the company’s products.
Nearly all of the 11 new advisories have a priority rating of 3, which indicates that the software giant does not expect them to be exploited in attacks.
However, an advisory describing five critical ColdFusion vulnerabilities has a priority rating of 1, indicating that companies should prioritize patching because the product has historically been targeted by threat actors.
Several ColdFusion vulnerabilities have been exploited in attacks in recent years.
The ColdFusion flaws patched with the latest updates can be exploited to bypass security features, read files from the system, and execute arbitrary code.
Critical code execution vulnerabilities have also been patched in Acrobat Reader, InDesign, InCopy, FrameMaker, Connect, Bridge, Photoshop, and Illustrator.
Important-severity issues — including ones allowing code execution, DoS attacks, and privilege escalation — were patched in Experience Manager Screens and the DNG SDK.
The company is not aware of in-the-wild exploitation for any of the vulnerabilities.
However, a few days ago Adobe announced patches for CVE-2026-34621, an Acrobat and Reader zero-day that appears to have been exploited for several months.
In addition, CISA warned on Monday that it’s aware of attacks exploiting an old Acrobat and Reader vulnerability tracked as CVE-2020-9715.
Related: SAP Patches Critical ABAP Vulnerability
Related: Chrome 147 Patches 60 Vulnerabilities, Including Two Critical Flaws Worth $86,000
Related: Orthanc DICOM Vulnerabilities Lead to Crashes, RCE
