- 59/2026
- High
Adobe has released security updates to address several vulnerabilities across multiple Adobe products.
The addressed vulnerabilities could allow the attacker to conduct cross-site scripting attacks, bypass security restrictions, gain elevated privileges, or execute arbitrary code and gain access to the affected product.
Sample of the addressed vulnerabilities:
1. Adobe Commerce Cross-Site Scripting Vulnerability (CVE-2026-21290):
- CVSS: 8.7
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: Required
- Consequences: Gain Privileges
2. Adobe Acrobat Reader Use After Free Vulnerability (CVE-2026-27278):
- CVSS: 7.8
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Remote Code Execution
Vulnerabilities
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.