"Adobe's February 2026 Patch Tuesday updates address a total of 44 vulnerabilities discovered by external security researchers in the company's products. The software giant has published nine new advisories announcing patches for Audition, After Effects, InDesign Desktop, Substance 3D Designer, Substance 3D Stager, Substance 3D Modeler, Bridge, Lightroom Classic, and the DNG SDK. The company has assigned a critical severity rating to over two dozen vulnerabilities that can be exploited for arbitrary code execution, but they are all rated high based on their CVSS scores."
"These types of code execution flaws have been fixed by Adobe in Audition, After Effects, InDesign, Bridge, Lightroom Classic, DNG SDK, and two of the Substance 3D products. The remaining vulnerabilities have been described as important-severity (medium severity based on their CVSS scores) memory exposure and DoS issues. The company says it's not aware of in-the-wild exploitation and, given that it has assigned a priority rating of 3 to all new advisories, does not expect them to be targeted by threat actors."
Adobe released February 2026 Patch Tuesday updates addressing 44 vulnerabilities reported by external researchers across multiple products. Nine advisories provide fixes for Audition, After Effects, InDesign Desktop, Substance 3D Designer, Substance 3D Stager, Substance 3D Modeler, Bridge, Lightroom Classic, and the DNG SDK. Adobe assigned a critical severity rating to over two dozen vulnerabilities that enable arbitrary code execution, though CVSS scores classify them as high. Code execution flaws were fixed in Audition, After Effects, InDesign, Bridge, Lightroom Classic, the DNG SDK, and two Substance 3D products. Remaining issues are important-severity memory exposure and denial-of-service flaws. Adobe reports no known in-the-wild exploitation, set priority 3 for all advisories, and credited researchers 'Yjdfy' and 'Voidexploit' for many reports.
Read at SecurityWeek
Unable to calculate read time
Collection
[
|
...
]