- 90/2026
- Critical
Adobe has released security updates to address several vulnerabilities affecting Adobe Acrobat DC, Acrobat 2024, Acrobat Reader DC and Adobe ColdFusion.
The addressed vulnerabilities could allow the attacker to perform denial-of-service attacks, obtain sensitive information, bypass security restrictions, execute arbitrary code and gain access to the affected systems.
Sample of the addressed vulnerabilities:
1. Adobe ColdFusion Improper Input Validation Remote Code Execution Vulnerability (CVE-2026-27304):
- CVSS: 9.3
- Attack Vector: Adjacent
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
2. Adobe ColdFusion Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability (CVE-2026-27305):
- CVSS: 8.6
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Obtain Information
Vulnerabilities
- CVE-2026-34622
- CVE-2026-34626
- CVE-2026-27304
- CVE-2026-27305
- CVE-2026-27306
- CVE-2026-34619
- CVE-2026-27282
- CVE-2026-27307
- CVE-2026-27308
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.