Adobe has released an important Patch Tuesday update that addresses 55 vulnerabilities across 11 of its products. Most of these advisories have been given a priority rating of 3, suggesting a lower risk of exploitation. However, five critical vulnerabilities in ColdFusion have been identified with a priority rating of 1, signaling an urgent need for companies to prioritize these patches. ColdFusion has been a target for threat actors in recent years, and these vulnerabilities could allow attackers to bypass security measures, access system files, and execute arbitrary code.
Other products affected by critical code execution vulnerabilities include Acrobat Reader, InDesign, InCopy, FrameMaker, Connect, Bridge, Photoshop, and Illustrator. Additionally, important-severity vulnerabilities in Experience Manager Screens and the DNG SDK could enable code execution, denial-of-service attacks, and privilege escalation.
While Adobe has not detected any active exploitation of these vulnerabilities, they recently patched a zero-day flaw in Acrobat and Reader, CVE-2026-34621, which had been exploited for several months. Furthermore, CISA has issued a warning about attacks using an older Acrobat and Reader vulnerability, CVE-2020-9715. Organizations are advised to implement these patches promptly to protect their systems from potential threats.


