Vulnerabilities Adobe Patches 80 Vulnerabilities Across Eight Products Adobe has rolled out patches for 80 vulnerabilities across 8 products, including Commerce, Illustrator, Acrobat Reader, and Premiere Pro. By Ionut Arghire | March 10, 2026 (2:22 PM ET) Flipboard Reddit Whatsapp Whatsapp Email Adobe on Tuesday announced patches for 80 vulnerabilities across 8 products, including Commerce, Illustrator, Acrobat Reader, and Premiere Pro. The company rolled out fixes for 19 flaws in Adobe Commerce and Magento Open Source, urging users to apply the patches within the next 30 days, based on these products being a known target for threat actors. The update resolves six high-severity bugs, five of which could lead to privilege escalation: CVE-2026-21290, CVE-2026-21361, CVE-2026-21284, CVE-2026-21311, and CVE-2026-21309. The sixth, tracked as CVE-2026-21289, leads to security feature bypass. Per Adobe’s advisory , the remaining defects are medium- and low-severity issues leading to arbitrary code execution, privilege escalation, security feature bypasses, and denial-of-service (DoS). Fixes for these bugs were released for Adobe Commerce versions 2.4.4 to 2.4.9, Adobe Commerce B2B versions 1.3.3 to 1.5.3, and Magento Open Source versions 2.4.5 to 2.4.9. Adobe Illustrator received patches for seven vulnerabilities, including five bugs that could lead to arbitrary code execution: CVE-2026-21333, CVE-2026-21362, CVE-2026-27271, CVE-2026-27272, and CVE-2026-27267. Advertisement. Scroll to continue reading. High-severity security defects leading to arbitrary code execution were also resolved in Acrobat Reader, Premiere Pro, Substance 3D Stager, and DNG Software Development Kit (SDK). Unlike the Adobe Commerce advisory, which has a priority rating of 2, these have priority ratings of 3, meaning that the products are less likely to be targeted by threat actors. Adobe’s fresh round of security updates also resolves medium- and low-severity vulnerabilities in these products, as well as in Substance 3D Painter and Experience Manager. Adobe makes no mention of any of these security defects being exploited in the wild. Additional information can be found on the company’s PSIRT page . Related: SAP Patches Critical FS-QUO, NetWeaver Vulnerabilities Related: Cisco Patches Critical Vulnerabilities in Enterprise Networking Products Related: Patch Tuesday: Adobe Fixes 44 Vulnerabilities in Creative Apps Related: Adobe Patches Critical Apache Tika Bug in ColdFusion Written By Ionut Arghire Ionut Arghire is an international correspondent for SecurityWeek. More from Ionut Arghire Escape Raises $18 Million to Automate Pentesting Recent Ivanti Endpoint Manager Flaw Exploited in Attacks ClickFix Attack Uses Windows Terminal to Evade Detection Internet Infrastructure TLD .arpa Abused in Phishing Attacks Cloned AI Tool Sites Distribute Malware in ‘InstallFix’ Campaign Over 100 GitHub Repositories Distributing BoryptGrab Stealer ArmorCode Raises $16 Million for Exposure Management Platform CISA Adds iOS Flaws From Coruna Exploit Kit to KEV List Latest News Jazz Emerges From Stealth With $61M in Funding for AI-Powered DLP Kai Emerges From Stealth With $125M in Funding for AI Platform Bridging IT and OT Security Webinar Today: Securing Fragile OT in an Exposed World SAP Patches Critical FS-QUO, NetWeaver Vulnerabilities Thousands Affected by Ericsson Data Breach OpenAI Rolls Out Codex Security Vulnerability Scanner Kevin Mandia’s Armadin Launches With $190 Million in Funding Hundreds of Salesforce Customers Allegedly Targeted in New Data Theft Campaign Trending Daily Briefing Newsletter Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts. Webinar: Securing Fragile OT in an Exposed World March 10, 2026 Get a candid look at the current OT threat landscape as we move past "doom and gloom" to discuss the mechanics of modern OT exposure. Register Virtual Event: Supply Chain Security and Third-Party Risk Summit March 18, 2026 Join the event where top security experts unpack the biggest software supply chain risks. Register People on the Move Ed Jennings has been appointed President and CEO at Darktrace. Ironscales has appointed Steven Malone as CSO and Amit Bluman as SVP of Research & Development. Synack has appointed Angela Heindl-Schober Chief Marketing Officer. More People On The Move Expert Insights SIM Swaps Expose a Critical Flaw in Identity Security SIM swap attacks exploit misplaced trust in phone numbers and human processes to bypass authentication controls and seize high-value accounts. (Torsten George) Four Risks Boards Cannot Treat as Background Noise The goal isn’t about preventing every attack but about keeping the business running when attacks succeed. (Steve Durbin) How to Eliminate the Technical Debt of Insecure AI-Assisted Software Development Developers must view AI as a collaborator to be closely monitored, rather than an autonomous entity to be unleashed. Without such a mindset, crippling tech debt is inevitable. (Matias Madou) Security in the Dark: Recognizing the Signs of Hidden Information Security failures don’t always start with attackers, sometimes they start with missing truth. (Joshua Goldfarb) Living off the AI: The Next Evolution of Attacker Tradecraft Living off the AI isn’t a hypothetical but a natural continuation of the tradecraft we’ve all been defending against, now mapped onto assistants, agents, and MCP. (Etay Maor) Flipboard Reddit Whatsapp Whatsapp Email