"The ColdFusion flaws patched with the latest updates can be exploited to bypass security features, read files from the system, and execute arbitrary code."
"Important-severity issues - including ones allowing code execution, DoS attacks, and privilege escalation - were patched in Experience Manager Screens and the DNG SDK."
"Adobe is not aware of in-the-wild exploitation for any of the vulnerabilities, but a few days ago announced patches for CVE-2026-34621, an Acrobat and Reader zero-day that appears to have been exploited for several months."
Adobe's latest Patch Tuesday updates resolve 55 vulnerabilities across 11 products. Most advisories have a priority rating of 3, indicating low exploitation risk. However, five critical ColdFusion vulnerabilities have a priority rating of 1, necessitating urgent patching due to historical targeting by threat actors. These vulnerabilities can bypass security features, read system files, and execute arbitrary code. Other products like Acrobat Reader and Photoshop also received critical patches. Adobe is unaware of any in-the-wild exploitation of these vulnerabilities, but recent zero-day exploits have been reported.
Read at SecurityWeek
Unable to calculate read time
Collection
[
|
...
]