[CIAD-2026-0018] Multiple Vulnerabilities in Adobe Products
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256
Multiple Vulnerabilities in Adobe Products
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: High
Software Affected
Acrobat DC 26.001.21411 & 26.001.21367 and earlier
Acrobat Reader DC 26.001.21411 & DC 26.001.21367 and earlier
Acrobat 2024 24.001.30362 and earlier for Window
Acrobat 2024 24.001.30360 and earlier for Mac
Acrobat 2024 24.001.30356 and earlier
Adobe InDesign ID21.2 & ID20.5.2 and earlier versions
Adobe InCopy 21.2 & 20.5.2 and earlier versions
Adobe Experience Manager (AEM) Screens 6.5 Service Pack 24 or earlier
Adobe Experience Manager (AEM) Screens Feature Pack 11.7 or earlier
Adobe Frame Maker 2022 Release Update 8 and earlier  
Adobe Connect 12.10 and earlier  
Adobe Connect Desktop Application 2025.3 and earlier
ColdFusion 2023 Update 18 & 2025 Update 6 and earlier versions
Adobe Bridge 16.0.2 & 15.1.4 (LTS) and earlier versions
Photoshop 2026 27.4 and earlier versions
Adobe DNG Software Development Kit (SDK) DNG SDK 1.7.1 build 2502 and earlier
Illustrator 2025 29.8.5 & 2026 30.2 and earlier
Overview
Multiple vulnerabilities have been reported in Adobe products, which could be exploited by an attacker to execute arbitrary code, bypass security restriction, access sensitive information, cross-site scripting (DOM-based XSS) attacks or cause denial of service (DoS) condition on the targeted system.
Target Audience:
Individuals and IT administrators, end-users or security teams responsible for maintaining and updating Adobe products
Risk Assessment:
High risk of unauthorized access to sensitive data, system compromise
Impact Assessment:
Arbitrary code execution, security feature bypass, service disruption or access sensitive information.
Description
Multiple vulnerabilities exist in Adobe products due to improperly handled of object prototype attributes, use after free, out-of-bounds read, out-of-bounds write, heap-based buffer overflow, improper input validation, type confusion, Integer underflow, deserialization of untrusted data, and path traversal.
Successful exploitation of these vulnerabilities could allow the attacker to execute arbitrary code, bypass security restriction, access sensitive information, cross-site scripting (DOM-based XSS) attacks or cause denial of service (DoS) condition on the targeted system.
Solution
Apply appropriate security updates as mentioned in Adobe Security Bulletin:
https://helpx.adobe.com/security.html
References
Adobe
https://helpx.adobe.com/security.html
CVE Name
CVE-2026-21331
CVE-2026-27222
CVE-2026-27238
CVE-2026-27243
CVE-2026-27245
CVE-2026-27246
CVE-2026-27258
CVE-2026-27259
CVE-2026-27260
CVE-2026-27282
CVE-2026-27283
CVE-2026-27284
CVE-2026-27285
CVE-2026-27286
CVE-2026-27287
CVE-2026-27288
CVE-2026-27289
CVE-2026-27290
CVE-2026-27291
CVE-2026-27292
CVE-2026-27293
CVE-2026-27294
CVE-2026-27295
CVE-2026-27296
CVE-2026-27297
CVE-2026-27298
CVE-2026-27299
CVE-2026-27300
CVE-2026-27301
CVE-2026-27302
CVE-2026-27303
CVE-2026-27304
CVE-2026-27305
CVE-2026-27306
CVE-2026-27307
CVE-2026-27308
CVE-2026-27310
CVE-2026-27311
CVE-2026-27312
CVE-2026-27313
CVE-2026-34614
CVE-2026-34615
CVE-2026-34617
CVE-2026-34618
CVE-2026-34619
CVE-2026-34621
CVE-2026-34622
CVE-2026-34623
CVE-2026-34624
CVE-2026-34625
CVE-2026-34626
CVE-2026-34627
CVE-2026-34628
CVE-2026-34629
CVE-2026-34630
CVE-2026-34631
– —
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax : 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
—–BEGIN PGP SIGNATURE—–
iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmng/5wACgkQ3jCgcSdc
ys8TwxAAlEo5V8cnMsF499+HK/Qd0FODFZi7bptu0m0mpr0Udz8o04+j5Z/S5OxI
o41sEb+GT7gdeCvQiDeayAUXZWC6CeadAh5ty/nN6FqK88DEu0M5Zz+pDwZWu2Ce
2GBhx97sBhtv94NxruUUGpRCH1gtYRzbarT85iiAO1JtQjVgafEmxt4C0iDDtY4Y
M5pMbW+HV1aWQm8rPEhffQwgtWpjeUlr3n5y01oxMFOjUF/gw8WbDBbzkZrKnNts
lteA8umlPlQ+6aO5AhAY95vCGGFlHGk/f/s8iqw7YpwdcfXCAPEEvZfcG/BDrjTY
Bf6AD9Bwv854Bd0ab2gLVOrb6+ngIgpf0ZCEJQ9jCIg6AzkFeVbVeOZrfpIpAWJh
Uu5A5CAp4SyreXAVbk+HTMLMuewLgp/twghChLdu4ITI+h5cg7EcpKMB33g2fEMU
MLuJbzKI6RlP5WLjgihA4R0riIH8AVmwxLKRvDEBRaJqlcMmFa9KfUnygeCGa8TU
Y+NCdA9fS+FK2NNNqkSlWU4iKbql1Eg5Zr/ImxW3D+VSg11Fp7PX78k4M7cf4yp/
DoqHDKJOK9rkl2e47T1ZkgPWVO3X5QkjsC5LJkaEK8cytyC5Ny7rnuw7n2FuCI5r
t5JMEKBDjzLb06Vxd2jPoEScbQ97YEiVLwaxgkFD8XsWi255XCQ=
=HrU2
—–END PGP SIGNATURE—–
![[CIVN-2026-0190] Multiple Vulnerabilities in Google Chrome for Desktop](https://teamwin.in/wp-content/uploads/2025/06/certin-new-e1751351599950-500x383.png)
