[CIVN-2026-0135] Multiple Vulnerabilities in Adobe Products
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256
Multiple Vulnerabilities in Adobe Products
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: CRITICAL
Software Affected
Adobe Commerce
Magento Open Source
Adobe Illustrator
Adobe Substance 3D Painter
Adobe Acrobat Reader
Adobe Premiere Pro
Adobe Experience Manager (AEM)
Adobe Substance 3D Stager
Adobe DNG Software Development Kit (SDK)
Note: For versions refer to https://helpx.adobe.com/security.html
Overview
Multiple Vulnerabilities have been reported in Adobe products which could be exploited by an attacker to execute arbitrary code, bypass security restrictions, gain elevated privileges, cross site scripting or can cause denial-of-service (DoS) condition on the targeted system.
Target Audience:
System administrators, Security teams or end-users of Adobe software products.
Risk Assessment:
High risk of unauthorized access to sensitive data, system compromise.
Impact Assessment:
Potential for data theft, remote code execution or service disruption.
Description
Multiple vulnerabilities exist in the Adobe products due to Incorrect authorization, Improper input validation & limitation of a pathname to restricted directory, URL redirection to untrusted site, heap-based buffer overflow, stacked-based buffer overflow out-of-bounds write, out-of-bounds read, use-after-free, integer overflow or wraparound, NULL pointer dereference, and improper verification of cryptographic signature issues.
Successful exploitation of these vulnerabilities could allow an attacker execute arbitrary code, bypass security restrictions, gain elevated privileges, cross site scripting or can cause denial-of-service (DoS) condition on the targeted system.
Solution
Apply appropriate updates as mentioned in the Adobe Security Bulletin:
https://helpx.adobe.com/security/products/magento/apsb26-05.html
https://helpx.adobe.com/security/products/illustrator/apsb26-18.html
https://helpx.adobe.com/security/products/substance3d_painter/apsb26-25.html
https://helpx.adobe.com/security/products/acrobat/apsb26-26.html
https://helpx.adobe.com/security/products/premiere_pro/apsb26-28.html
https://helpx.adobe.com/security/products/experience-manager/apsb26-24.html
https://helpx.adobe.com/security/products/substance3d_stager/apsb26-29.html
https://helpx.adobe.com/security/products/dng-sdk/apsb26-30.html
Vendor Information
Adobe
https://helpx.adobe.com/security.html
References
Adobe
https://helpx.adobe.com/security/products/magento/apsb26-05.html
https://helpx.adobe.com/security/products/illustrator/apsb26-18.html
https://helpx.adobe.com/security/products/substance3d_painter/apsb26-25.html
https://helpx.adobe.com/security/products/acrobat/apsb26-26.html
https://helpx.adobe.com/security/products/premiere_pro/apsb26-28.html
https://helpx.adobe.com/security/products/experience-manager/apsb26-24.html
https://helpx.adobe.com/security/products/substance3d_stager/apsb26-29.html
https://helpx.adobe.com/security/products/dng-sdk/apsb26-30.html
CVE Name
CVE-2026-21361
CVE-2026-21284
CVE-2026-21289
CVE-2026-21290
CVE-2026-21311
CVE-2026-21309
CVE-2026-21285
CVE-2026-21286
CVE-2026-21291
CVE-2026-21292
CVE-2026-21293
CVE-2026-21294
CVE-2026-21359
CVE-2026-21360
CVE-2026-21282
CVE-2026-21310
CVE-2026-21296
CVE-2026-21297
CVE-2026-21295
CVE-2026-21333
CVE-2026-21362
CVE-2026-27271
CVE-2026-27272
CVE-2026-27267
CVE-2026-27268
CVE-2026-27270
CVE-2026-21363
CVE-2026-21364
CVE-2026-21365
CVE-2026-27214
CVE-2026-27215
CVE-2026-27216
CVE-2026-27217
CVE-2026-27218
CVE-2026-27219
CVE-2026-27220
CVE-2026-27278
CVE-2026-27221
CVE-2026-27269
CVE-2026-27223
CVE-2026-27224
CVE-2026-27225
CVE-2026-27227
CVE-2026-27228
CVE-2026-27229
CVE-2026-27230
CVE-2026-27231
CVE-2026-27232
CVE-2026-27233
CVE-2026-27234
CVE-2026-27235
CVE-2026-27236
CVE-2026-27237
CVE-2026-27239
CVE-2026-27240
CVE-2026-27241
CVE-2026-27242
CVE-2026-27244
CVE-2026-27247
CVE-2026-27248
CVE-2026-27249
CVE-2026-27250
CVE-2026-27251
CVE-2026-27252
CVE-2026-27253
CVE-2026-27254
CVE-2026-27255
CVE-2026-27256
CVE-2026-27257
CVE-2026-27265
CVE-2026-27266
CVE-2026-27262
CVE-2026-27273
CVE-2026-27274
CVE-2026-27275
CVE-2026-27279
CVE-2026-27276
CVE-2026-27277
CVE-2026-27280
CVE-2026-27281
– —
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax : 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
—–BEGIN PGP SIGNATURE—–
iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmm0MMMACgkQ3jCgcSdc
ys+QGQ/+MEwkP9hYup9yduFEZHgOyKQAP4uU6Q/K4tFLqceWs1TrTfl3nIFQg31m
EF2nCiyIakbcPIiPWZ0pVgiL4skfFD0w2yg4gJvP48BYcfMTAiRh7htjV0fWFY0L
SMDBNerZe2CAED0v3x7JbS62Q2txnHqiOguxJP5sMBcpCkUZrk/iV1eMob/QeTBQ
lZqurSyK3iarqTDQ+e5o46zGiiihoajCB/L9HzMGiCDZeFEzi7ik2xybKAh5NB9m
IhYt/9TTA2/3ZLcZQp6md57qzXHY5FkK4odJixciwLMigvuEVNqok5rDNUiKaWNF
uX0JrXY1LTCM8DUlWUZhx1wvZp3IUUNfSEwhPYTdT50FuY0LHt8VdgiEe8fiiA3l
aCLodFIJcl4vKB7xcw/zB6VpGVj77al8eBvX1EYhNJBsMxyUP1eY6FbyiGwcxzdT
4DvMpgkYm25JTVvN/tL+H97OToZGa854QnkY954/Hb2wVtngieAkIgyXP+3rUTKN
yI9tml/7c3oyvuVZs7MieNukNcPxwIipLUvbGtzwcAIE+c91C81Kar9x5y7QMkPp
F0NT32xfCk5DIMqYnGwM/Kb748k1g1Bu0YAp8aPzaN+l/NQIacsejVMPkhrfhRZp
XlidxTGcDC60XfeR/9FmW71vBaYKVJbBXWONXpgFNHHJSCulGzQ=
=gCaL
—–END PGP SIGNATURE—–
![[CIVN-2026-0138] Multiple Vulnerabilities in Mozilla Products](https://teamwin.in/wp-content/uploads/2025/06/certin-new-e1751351599950-500x383.png)
