ADOBE has rolled out patches for 80 vulnerabilities across eight products, including Commerce, Illustrator, Acrobat Reader, and Premiere Pro. The update fixes 19 flaws in Adobe Commerce and Magento Open Source, with users urged to apply the patches within 30 days as these products are a known target for threat actors, according to Adobe advisory.
Six high-severity bugs are addressed, five of which could lead to privilege escalation: CVE-2026-21290, CVE-2026-21361, CVE-2026-21284, CVE-2026-21311, and CVE-2026-21309, while CVE-2026-21289 leads to a security feature bypass; the remaining defects are medium- and low-severity issues enabling arbitrary code execution, privilege escalation, security feature bypasses, and DoS.
Adobe Illustrator received patches for seven vulnerabilities, including five that could lead to arbitrary code execution (CVE-2026-21333, CVE-2026-21362, CVE-2026-27271, CVE-2026-27272, CVE-2026-27267). High-severity fixes also cover Acrobat Reader, Premiere Pro, Substance 3D Stager, and the DNG Software Development Kit, with other medium- and low-severity updates in Substance 3D Painter and Experience Manager.