Cert-In-Advisories

[CIVN-2026-0017] Multiple Vulnerabilities in Adobe Products

By TeamwinPublished On: January 14, 2026

—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Multiple Vulnerabilities in Adobe Products

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: CRITICAL

Software Affected

Adobe Dreamweaver  21.6 and earlier versions for Windows & macOS

Adobe InDesign ID21.0 and earlier versions for Windows & macOS

Adobe InDesign ID19.5.5 and earlier versions for Windows & macOS

Illustrator 2025 29.8.3 and earlier versions for Windows

Illustrator 2026 30.0 and earlier versions for Windows

Adobe InCopy  21.0 and earlier versions for Windows & macOS

Adobe InCopy  19.5.5 and earlier versions for Windows & macOS

Adobe Bridge  15.1.2 (LTS) and earlier versions for Windows & macOS

Adobe Bridge  16.0 and earlier versions for Windows & macOS

Adobe Substance 3D Modeler 1.22.4 and earlier versions for All

Adobe Substance 3D Stager 3.1.5 and earlier versions for Windows & macOS

Adobe Substance 3D Painter 11.0.3 and earlier versions for All

Adobe Substance 3D Sampler 5.1.0 and earlier versions for All

ColdFusion 2025 Update 5 and earlier versions for All

ColdFusion 2023 Update 17 and earlier versions for All

Adobe Substance 3D Designer 15.0.3 and earlier versions for All

Overview

Multiple Vulnerabilities have been reported in Adobe products which could be exploited by an attacker to execute arbitrary code, data manipulation, obtain sensitive information or cause Denial of service (DoS) condition on the targeted system.

Target Audience:

System administrators, Security teams or end-users of Adobe software products.

Risk Assessment:

High risk of unauthorized access to sensitive data, system compromise.

Impact Assessment:

Potential for data theft, remote code execution or service disruption.

Description

Multiple vulnerabilities exist in Adobe products due to Improper Neutralization of Special Elements used in an OS Command injection, Improper Input Validation, Incorrect Authorization, Access of Uninitialized Pointer, Heap-based Buffer Overflow, Out-of-bounds Read, Write; Untrusted Search Path, NULL Pointer Dereference and Use After Free.

Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code, data manipulation, obtain sensitive information or cause Denial of service (DoS) condition on the targeted system.

Solution

Apply appropriate updates as mentioned in the Adobe Security Bulletin.

https://helpx.adobe.com/security.html/security/security-bulletin.html

Vendor Information

Adobe

https://helpx.adobe.com/security.html/security/security-bulletin.html

https://helpx.adobe.com/security/products/dreamweaver/apsb26-01.html

https://helpx.adobe.com/security/products/indesign/apsb26-02.html

https://helpx.adobe.com/security/products/illustrator/apsb26-03.html

https://helpx.adobe.com/security/products/incopy/apsb26-04.html

https://helpx.adobe.com/security/products/bridge/apsb26-07.html

https://helpx.adobe.com/security/products/substance3d-modeler/apsb26-08.html

https://helpx.adobe.com/security/products/substance3d_stager/apsb26-09.html

https://helpx.adobe.com/security/products/substance3d_painter/apsb26-10.html

https://helpx.adobe.com/security/products/substance3d-sampler/apsb26-11.html

https://helpx.adobe.com/security/products/coldfusion/apsb26-12.html

https://helpx.adobe.com/security/products/substance3d_designer/apsb26-13.html

References