ADOBE on Tuesday announced the release of patches for 52 vulnerabilities across 10 products, with several critical-severity bugs that could lead to arbitrary code execution and privilege escalation. According to Adobe’s PSIRT page, the Connect update includes two critical flaws that could be exploited for arbitrary code execution (CVE-2026-34659, CVSS 9.6) and privilege escalation (CVE-2026-34660, CVSS 9.3).
The Commerce update resolved the largest number of defects, while Content Authenticity SDK patches totalled 14 flaws, all of which could lead to an application DoS. High-severity code execution issues were also fixed in After Effects (four), Premiere Pro (three), Media Encoder (two), Substance 3D Painter (two) and Substance 3D Sampler (one), with Illustrator addressing two high-severity and two medium-severity issues leading to DoS and memory exposure.
Adobe assigned a priority rating of 2 to the Commerce update, and 3 to the remaining updates; the company says none of the vulnerabilities are known to have been exploited in the wild. 12 May 2026.