Accessibility Options |  Sitemap |  Contact Us
   
 
 
 
HOME space ABOUTCERTIn space KNOWLEDGEBASE space TRAINING space ADVISORIES space VULNOTES space space Facebook space x space insta space youtube space Linkedin
WLine
DigitalIndia
WLine
csk
WLine
Full Member FIRST
Line
Operational Member TFCSIRT
Line
Accredited Member APCERT
Line
Global Research Partner APWG
Line
Associate Partner Charter
Line
CNA
WLine
 Directions by CERT-In under  Section 70B, Information  Technology Act 2000
WLine
 Guidelines on Information  Security Practices for  Government Entities
WLine
 15 Elemental Cyber NEW
 Defense Controls for Micro,
 Small, and Medium Enterprises
 (MSMEs)
WLine
 Technical Guidelines on NEW  SBOM, QBOM & CBOM, AIBOM
 and HBOM Version 2.0
WLine
 Cyber Security Guidelines for
 Smart City Infrastructure NEW
WLine
 Cyber Security Framework
 and Guidelines for Space NEW
 including Satellite
 Communication
About CERT-in
Line
point point Client's /Citizen's Charter
Line
point point Roles & Functions
Line
point point Advisory Committee
Line
point point Act/Rules/Regulations
Line
point point Internal Complaint Committee         (ICC) 
Line
point point RFC2350 
line
point point Press  
Line
point point Tender 
Line
point point Subscribe Mailing List
Line
point point Contact Us
Line
Line
Reporting
point
 Incident Reporting
point
Line
point
 Vulnerability Reporting
point
Line
point
 Feedback
point
Line
KnowledgeBase
Line
point Point Guidelines
Line
point Point Presentations
Line
point Point White Papers 
Line
point Point Annual Report 
Line
Line
Line
line
Line
line
line
Advisories
Line
VulnerabilityNotes
Line
RelatedLinks
Line
point Point World CERTs
Line
point point Antivirus Resources
line
point point FAQ
line
line
Line
Line
line
line
line
line
line
line
line
line
line
line
line
line
line
line
line
line
line
line
line
line
line
line
spacer
Home - AdvisoriesPrint
point

CERT-In Advisory CIAD-2026-0018

Multiple Vulnerabilities in Adobe Products

Original Issue Date: April 16, 2026

Severity Rating: High

Software Affected

  • Acrobat DC 26.001.21411 & 26.001.21367 and earlier
  • Acrobat Reader DC 26.001.21411 & DC 26.001.21367 and earlier
  • Acrobat 2024 24.001.30362 and earlier for Window
  • Acrobat 2024 24.001.30360 and earlier for Mac
  • Acrobat 2024 24.001.30356 and earlier
  • Adobe InDesign ID21.2 & ID20.5.2 and earlier versions
  • Adobe InCopy 21.2 & 20.5.2 and earlier versions
  • Adobe Experience Manager (AEM) Screens 6.5 Service Pack 24 or earlier 
  • Adobe Experience Manager (AEM) Screens Feature Pack 11.7 or earlier
  • Adobe Frame Maker 2022 Release Update 8 and earlier  
  • Adobe Connect 12.10 and earlier  
  • Adobe Connect Desktop Application 2025.3 and earlier
  • ColdFusion 2023 Update 18 & 2025 Update 6 and earlier versions
  • Adobe Bridge 16.0.2 & 15.1.4 (LTS) and earlier versions
  • Photoshop 2026 27.4 and earlier versions 
  • Adobe DNG Software Development Kit (SDK) DNG SDK 1.7.1 build 2502 and earlier
  • Illustrator 2025 29.8.5 & 2026 30.2 and earlier

Overview

Multiple vulnerabilities have been reported in Adobe products, which could be exploited by an attacker to execute arbitrary code, bypass security restriction, access sensitive information, cross-site scripting (DOM-based XSS) attacks or cause denial of service (DoS) condition on the targeted system.

Target Audience:
Individuals and IT administrators, end-users or security teams responsible for maintaining and updating Adobe products

Risk Assessment:
High risk of unauthorized access to sensitive data, system compromise

Impact Assessment:
Arbitrary code execution, security feature bypass, service disruption or access sensitive information.

Description

Multiple vulnerabilities exist in Adobe products due to improperly handled of object prototype attributes, use after free, out-of-bounds read, out-of-bounds write, heap-based buffer overflow, improper input validation, type confusion, Integer underflow, deserialization of untrusted data, and path traversal.

Successful exploitation of these vulnerabilities could allow the attacker to execute arbitrary code, bypass security restriction, access sensitive information, cross-site scripting (DOM-based XSS) attacks or cause denial of service (DoS) condition on the targeted system.

Solution

Apply appropriate security updates as mentioned in Adobe Security Bulletin:  
https://helpx.adobe.com/security.html

References

Adobe
https://helpx.adobe.com/security.html

CVE Name
CVE-2026-21331
CVE-2026-27222
CVE-2026-27238
CVE-2026-27243
CVE-2026-27245
CVE-2026-27246
CVE-2026-27258
CVE-2026-27259
CVE-2026-27260
CVE-2026-27282
CVE-2026-27283
CVE-2026-27284
CVE-2026-27285
CVE-2026-27286
CVE-2026-27287
CVE-2026-27288
CVE-2026-27289
CVE-2026-27290
CVE-2026-27291
CVE-2026-27292
CVE-2026-27293
CVE-2026-27294
CVE-2026-27295
CVE-2026-27296
CVE-2026-27297
CVE-2026-27298
CVE-2026-27299
CVE-2026-27300
CVE-2026-27301
CVE-2026-27302
CVE-2026-27303
CVE-2026-27304
CVE-2026-27305
CVE-2026-27306
CVE-2026-27307
CVE-2026-27308
CVE-2026-27310
CVE-2026-27311
CVE-2026-27312
CVE-2026-27313
CVE-2026-34614
CVE-2026-34615
CVE-2026-34617
CVE-2026-34618
CVE-2026-34619
CVE-2026-34621
CVE-2026-34622
CVE-2026-34623
CVE-2026-34624
CVE-2026-34625
CVE-2026-34626
CVE-2026-34627
CVE-2026-34628
CVE-2026-34629
CVE-2026-34630
CVE-2026-34631

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information

Email: info@cert-in.org.in
Phone: +91-11-22902657

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, CGO Complex, Lodhi Road,
New Delhi - 110 003
India

 
Indian Computer Emergency Response Team - CERT-In, Ministry of Electronics and Information Technology, Government of India.
Website Policies |  Terms of Use |  Help Last Updated On April 28, 2026