Adobe has released its latest Patch Tuesday updates, addressing 55 vulnerabilities across 11 of its products. While most of these advisories carry a priority rating of 3, indicating a low likelihood of exploitation, a set of five critical vulnerabilities in ColdFusion has been flagged with a priority rating of 1. This suggests that organizations should urgently apply these patches as ColdFusion has been a frequent target for threat actors in the past. These vulnerabilities could allow attackers to bypass security features, read files, and execute arbitrary code.
In addition to ColdFusion, critical code execution vulnerabilities have been resolved in several other Adobe products including Acrobat Reader, InDesign, InCopy, FrameMaker, Connect, Bridge, Photoshop, and Illustrator. Important-severity issues, such as those enabling code execution, denial of service attacks, and privilege escalation, were patched in Experience Manager Screens and the DNG SDK.
Although Adobe is not aware of any active exploitation of these vulnerabilities, the company recently addressed a zero-day vulnerability in Acrobat and Reader, known as CVE-2026-34621, which had been exploited for several months. Furthermore, the Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about ongoing attacks leveraging an older Acrobat and Reader vulnerability, CVE-2020-9715.
Given these developments, it is crucial for organizations to integrate these patches into their existing security frameworks promptly to mitigate potential risks.


