"The company rolled out fixes for 19 flaws in Adobe Commerce and Magento Open Source, urging users to apply the patches within the next 30 days, based on these products being a known target for threat actors. The update resolves six high-severity bugs, five of which could lead to privilege escalation: CVE-2026-21290, CVE-2026-21361, CVE-2026-21284, CVE-2026-21311, and CVE-2026-21309."
"Adobe Illustrator received patches for seven vulnerabilities, including five bugs that could lead to arbitrary code execution: CVE-2026-21333, CVE-2026-21362, CVE-2026-27271, CVE-2026-27272, and CVE-2026-27267. High-severity security defects leading to arbitrary code execution were also resolved in Acrobat Reader, Premiere Pro, Substance 3D Stager, and DNG Software Development Kit."
"Unlike the Adobe Commerce advisory, which has a priority rating of 2, these have priority ratings of 3, meaning that the products are less likely to be targeted by threat actors. Adobe makes no mention of any of these security defects being exploited in the wild."
Adobe announced security patches addressing 80 vulnerabilities across eight products including Commerce, Illustrator, Acrobat Reader, and Premiere Pro. Adobe Commerce and Magento Open Source received 19 patches, with six high-severity bugs including five privilege escalation flaws and one security feature bypass. The remaining defects are medium and low-severity issues causing arbitrary code execution, privilege escalation, feature bypasses, and denial-of-service attacks. Patches apply to Commerce versions 2.4.4-2.4.9, B2B versions 1.3.3-1.5.3, and Magento Open Source 2.4.5-2.4.9. Adobe Illustrator received seven patches including five arbitrary code execution vulnerabilities. High-severity defects were also resolved in Acrobat Reader, Premiere Pro, Substance 3D Stager, and DNG SDK. Commerce updates have priority rating 2 due to known threat actor targeting, while other products have priority rating 3. No active exploitation has been reported.
#adobe-security-patches #vulnerability-management #commerce-and-magento #arbitrary-code-execution #privilege-escalation
Read at SecurityWeek
Unable to calculate read time
Collection
[
|
...
]