VULNERABILITIES Patch Tuesday: Adobe Fixes 44 Vulnerabilities in Creative Apps The company has fixed several critical vulnerabilities that can be exploited for arbitrary code execution. By Eduard Kovacs | February 10, 2026 (12:36 PM ET) Flipboard Reddit Whatsapp Email Adobe’s February 2026 Patch Tuesday updates address a total of 44 vulnerabilities discovered by external security researchers in the company’s products. The software giant has published nine new advisories announcing patches for Audition, After Effects, InDesign Desktop, Substance 3D Designer, Substance 3D Stager, Substance 3D Modeler, Bridge, Lightroom Classic, and the DNG SDK. The company has assigned a critical severity rating to over two dozen vulnerabilities that can be exploited for arbitrary code execution, but they are all rated high based on their CVSS scores. These types of code execution flaws have been fixed by Adobe in Audition, After Effects, InDesign, Bridge, Lightroom Classic, DNG SDK, and two of the Substance 3D products. The remaining vulnerabilities have been described as important-severity (medium severity based on their CVSS scores) memory exposure and DoS issues. The company says it’s not aware of in-the-wild exploitation and, given that it has assigned a priority rating of 3 to all new advisories, does not expect them to be targeted by threat actors. ADVERTISEMENT. SCROLL TO CONTINUE READING. Researchers who use the online monikers ‘Yjdfy’ and ‘Voidexploit’ have been credited for reporting a majority of the vulnerabilities patched with the latest round of updates. Related: Adobe Patches Critical Apache Tika Bug in ColdFusion Related: Adobe ColdFusion Servers Targeted in Coordinated Campaign Related: Adobe Patches Nearly 140 Vulnerabilities WRITTEN BY Eduard Kovacs Eduard Kovacs (@EduardKovacs) is the managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering. More from Eduard Kovacs RSAC Releases Quantickle Open Source Threat Intelligence Visualization Tool Lema AI Emerges From Stealth With $24 Million to Tackle Third-Party Risk Outtake Raises $40 Million to Bolster Digital Trust Against AI-Driven Threats Cybersecurity M&A Roundup: 34 Deals Announced in January 2026 Flickr Security Incident Tied to Third-Party Email System 5 Bills to Boost Energy Sector Cyber Defenses Clear House Panel Concerns Raised Over CISA’s Silent Ransomware Updates in KEV Catalog Substack Discloses Security Incident After Hacker Leaks Data Latest News Reco Raises $30 Million to Enhance AI SaaS Security Vega Raises $120M in Series B Funding to Grow Security Analytics Platform RATs in the Machine: Inside a Pakistan-Linked Three-Pronged Cyber Assault on India SAP Patches Critical CRM, S/4HANA, NetWeaver Vulnerabilities Backslash Raises $19 Million to Secure Vibe Coding New ‘ZeroDayRAT’ Spyware Kit Enables Total Compromise of iOS, Android Devices New ‘SSHStalker’ Linux Botnet Uses Old Techniques BeyondTrust Patches Critical RCE Vulnerability TRENDING Daily Briefing Newsletter Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts. Webinar: Identity Under Attack: Why Every Business Must Respond Now February 11, 2026 Attendees will walk away with guidance for how to build robust identity defenses, unify them under a consistent security model, and ensure business operations move quickly without compromise. Register Virtual Event: Ransomware Resilience & Recovery 2026 Summit February 25, 2026 SecurityWeek’s 2026 Ransomware Summit will discuss a roadmap for defending the enterprise, from mitigating root causes to mastering recovery, giving security teams the critical insights needed to navigate and neutralize today’s ransomware extortion threats. Submit PEOPLE ON THE MOVE Pennsylvania has named Andy Ritter as CISO and Jim Sipe as executive deputy CIO. Hayete Gallot has rejoined Microsoft as Executive Vice President, Security. Torq has appointed industry veteran John White as Field CISO. More People On The Move EXPERT INSIGHTS Living off the AI: The Next Evolution of Attacker Tradecraft Living off the AI isn’t a hypothetical but a natural continuation of the tradecraft we’ve all been defending against, now mapped onto assistants, agents, and MCP. (Etay Maor) Why We Can’t Let AI Take the Wheel of Cyber Defense The fastest way to squander the promise of AI is to mistake automation for assurance, and novelty for resilience. (Steve Durbin) The Upside Down is Real: What Stranger Things Teaches Us About Modern Cybersecurity To all those who are fighting the good fight in the world of cyber, keep collaborating to ensure our world never succumbs to the chaos of the Upside Down. (Nadir Izrael) Why Identity Security Must Move Beyond MFA By integrating identity threat detection with MFA, organizations can protect sensitive data, maintain operational continuity, and reduce risk exposure. (Torsten George) Forget Predictions: True 2026 Cybersecurity Priorities From Leaders Security leaders chart course beyond predictions with focus on supply chain, governance, and team efficiency. (Jennifer Leggio) Flipboard Reddit Whatsapp Email