厂商发布
厂商对产品安全、配置或策略的更新说明。
-
Security updates available for Substance 3D Painter | APSB26-55
Adobe has released an update for Adobe Substance 3D Painter. This update addresses critical vulnerabilities in Adobe Substance 3D Painter. Successful exploitation could lead to arbitrary code execution.
Adobe has released an update for Adobe Substance 3D Painter. This update addresses critical vulnerabilities in Adobe Substance 3D Painter. Successful exploitation could lead to arbitrary code execution.Adobe has released an update for Adobe Substance 3D Painter. This update addresses critical vulnerabilities in Adobe Substance 3D Painter. Successful exploitation could lead to arbitrary code execution.扩展字段
{ "affected_products": [ { "platform": "All", "product": "Adobe Substance 3D Painter", "version": "12.0.2 and earlier versions" } ], "bulletin_id": "APSB26-55", "detail_url": "https://helpx.adobe.com/security/products/substance3d_painter/apsb26-55.html", "last_updated": "05/12/2026", "originally_posted": "05/12/2026", "priority": "3", "solution_paragraphs": [ "Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version via the Creative Cloud desktop app's update mechanism. For more information, please reference this help page .", "For managed environments, IT administrators can use the Admin Console to deploy Creative Cloud applications to end users. Refer to this help page for more information." ], "solutions": [ { "availability": "Download Center", "availability_url": "https://www.adobe.com/products/substance3d-painter.html", "platform": "All", "priority": "3", "product": "Adobe Substance 3D Painter", "version": "12.0.3" } ], "summary_paragraphs": [ "Adobe has released an update for Adobe Substance 3D Painter. This update addresses critical vulnerabilities in Adobe Substance 3D Painter. Successful exploitation could lead to arbitrary code execution.", "Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates." ], "vulnerabilities": [ { "CVE Numbers": "CVE-2026-34675", "CVSS base score": "7.8", "CVSS vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Severity": "Critical", "Vulnerability Category": "Out-of-bounds Write ( CWE-787 )", "Vulnerability Impact": "Arbitrary code execution" }, { "CVE Numbers": "CVE-2026-34676", "CVSS base score": "7.8", "CVSS vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Severity": "Critical", "Vulnerability Category": "Out-of-bounds Write ( CWE-787 )", "Vulnerability Impact": "Arbitrary code execution" } ] } -
Security updates available for Substance 3D Sampler | APSB26-54
Adobe has released an update for Adobe Substance 3D Sampler. This update addresses a critical vulnerability in Adobe Substance 3D Sampler. Successful exploitation could lead to arbitrary code execution.
Adobe has released an update for Adobe Substance 3D Sampler. This update addresses a critical vulnerability in Adobe Substance 3D Sampler. Successful exploitation could lead to arbitrary code execution.Adobe has released an update for Adobe Substance 3D Sampler. This update addresses a critical vulnerability in Adobe Substance 3D Sampler. Successful exploitation could lead to arbitrary code execution.扩展字段
{ "affected_products": [ { "platform": "All", "product": "Adobe Substance 3D Sampler", "version": "5.1.3 and earlier versions" } ], "bulletin_id": "APSB26-54", "detail_url": "https://helpx.adobe.com/security/products/substance3d-sampler/apsb26-54.html", "last_updated": "05/12/2026", "originally_posted": "05/12/2026", "priority": "3", "solution_paragraphs": [ "Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version via the Creative Cloud desktop app's update mechanism. For more information, please reference this help page .", "For managed environments, IT administrators can use the Admin Console to deploy Creative Cloud applications to end users. Refer to this help page for more information." ], "solutions": [ { "availability": "Download Center", "availability_url": "https://www.adobe.com/products/substance3d-sampler.html", "platform": "All", "priority": "3", "product": "Adobe Substance 3D Sampler", "version": "6.0" } ], "summary_paragraphs": [ "Adobe has released an update for Adobe Substance 3D Sampler. This update addresses a critical vulnerability in Adobe Substance 3D Sampler. Successful exploitation could lead to arbitrary code execution.", "Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates." ], "vulnerabilities": [ { "CVE Numbers": "CVE-2026-34674", "CVSS base score": "7.8", "CVSS vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Severity": "Critical", "Vulnerability Category": "Heap-based Buffer Overflow ( CWE-122 )", "Vulnerability Impact": "Arbitrary code execution" } ] } -
Security updates available for Substance 3D Designer | APSB26-52
Adobe has released an update for Adobe Substance 3D Designer that addresses important vulnerabilities. Successful exploitation could lead to arbitrary file system read and arbitrary code execution in the context of the current user.
Adobe has released an update for Adobe Substance 3D Designer that addresses important vulnerabilities. Successful exploitation could lead to arbitrary file system read and arbitrary code execution in the context of the current user.Adobe has released an update for Adobe Substance 3D Designer that addresses important vulnerabilities. Successful exploitation could lead to arbitrary file system read and arbitrary code execution in the context of the current user.扩展字段
{ "affected_products": [ { "platform": "All", "product": "Adobe Substance 3D Designer", "version": "15.1.0 and earlier versions" } ], "bulletin_id": "APSB26-52", "detail_url": "https://helpx.adobe.com/security/products/substance3d_designer/apsb26-52.html", "last_updated": "05/12/2026", "originally_posted": "05/12/2026", "priority": "3", "solution_paragraphs": [ "Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version via the Creative Cloud desktop app's update mechanism. For more information, please reference this help page .", "For managed environments, IT administrators can use the Admin Console to deploy Creative Cloud applications to end users. Refer to this help page for more information." ], "solutions": [ { "availability": "Download Center", "availability_url": "https://www.adobe.com/products/substance3d-designer.html", "platform": "All", "priority": "3", "product": "Adobe Substance 3D Designer", "version": "16.0.1" } ], "summary_paragraphs": [ "Adobe has released an update for Adobe Substance 3D Designer that addresses important vulnerabilities. Successful exploitation could lead to arbitrary file system read and arbitrary code execution in the context of the current user.", "Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates." ], "vulnerabilities": [ { "CVE Numbers": "CVE-2026-34664", "CVSS base score": "6.3", "CVSS vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", "Severity": "Important", "Vulnerability Category": "Server-Side Request Forgery (SSRF) ( CWE-918 )", "Vulnerability Impact": "Arbitrary file system read" }, { "CVE Numbers": "CVE-2026-34681", "CVSS base score": "5.5", "CVSS vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "Severity": "Important", "Vulnerability Category": "Out-of-bounds Write ( CWE-787 )", "Vulnerability Impact": "Arbitrary code execution" }, { "CVE Numbers": "CVE-2026-34682", "CVSS base score": "5.5", "CVSS vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "Severity": "Important", "Vulnerability Category": "Out-of-bounds Write ( CWE-787 )", "Vulnerability Impact": "Arbitrary code execution" }, { "CVE Numbers": "CVE-2026-34683", "CVSS base score": "5.5", "CVSS vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "Severity": "Important", "Vulnerability Category": "Out-of-bounds Write ( CWE-787 )", "Vulnerability Impact": "Arbitrary code execution" }, { "CVE Numbers": "CVE-2026-34684", "CVSS base score": "5.5", "CVSS vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "Severity": "Important", "Vulnerability Category": "Out-of-bounds Write ( CWE-787 )", "Vulnerability Impact": "Arbitrary code execution" } ] } -
Security Updates Available for Adobe Illustrator | APSB26-51
Adobe has released an update for Adobe Illustrator. This update resolves critical and important vulnerabilities that could lead to arbitrary code execution, application denial-of-service, and memory exposure.
Adobe has released an update for Adobe Illustrator. This update resolves critical and important vulnerabilities that could lead to arbitrary code execution, application denial-of-service, and memory exposure.Adobe has released an update for Adobe Illustrator. This update resolves critical and important vulnerabilities that could lead to arbitrary code execution, application denial-of-service, and memory exposure.扩展字段
{ "acknowledgments": [ "Adobe would like to thank the following researcher for reporting these issues and for working with Adobe to help protect our customers:", "Francis Provencher (prl) -- CVE-2026-34661, CVE-2026-34662, CVE-2026-34663, CVE-2026-34687", "NOTE: Adobe has a public bug bounty program with HackerOne. If you are interested in working with Adobe as an external security researcher, please check out https://hackerone.com/adobe .", "For more information, visit https://helpx.adobe.com/security.html , or email [email protected]." ], "affected_products": [ { "platform": "Windows", "product": "Illustrator 2025", "version": "29.8.6 and earlier" }, { "platform": "Windows", "product": "Illustrator 2026", "version": "30.3 and earlier" } ], "bulletin_id": "APSB26-51", "detail_url": "https://helpx.adobe.com/security/products/illustrator/apsb26-51.html", "last_updated": "05/12/2026", "originally_posted": "05/12/2026", "priority": "3", "solution_paragraphs": [ "Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version via the Creative Cloud desktop app's update mechanism. For more information, please reference this help page ." ], "solutions": [ { "availability": "Download Page", "availability_url": "https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.adobe.com%2Fproducts%2Fcatalog.html&data=05%7C02%7Crkang%40adobe.com%7C9a0f89be2e9c477c1ec208de738da609%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C639075249372578591%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=J83I%2FlaFq7zpPxz%2BXGAw%2BWNQ3CkHDzFhm1HYKSTW8vs%3D&reserved=0", "platform": "Windows and macOS", "priority": "3", "product": "Illustrator 2025", "version": "29.8.7" }, { "availability": "Download Page", "availability_url": "https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.adobe.com%2Fproducts%2Fcatalog.html&data=05%7C02%7Crkang%40adobe.com%7C9a0f89be2e9c477c1ec208de738da609%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C639075249372600167%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=ywtu9syiaiZUq7gZyq641Vf5luRJwc2yZm6IbCQiOyY%3D&reserved=0", "platform": "Windows and macOS", "priority": "3", "product": "Illustrator 2026", "version": "30.4" } ], "summary_paragraphs": [ "Adobe has released an update for Adobe Illustrator. This update resolves critical and important vulnerabilities that could lead to arbitrary code execution, application denial-of-service, and memory exposure.", "Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates." ], "vulnerabilities": [ { "CVE Numbers": "CVE-2026-34661", "CVSS base score": "7.8", "CVSS vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Severity": "Critical", "Vulnerability Category": "Out-of-bounds Write ( CWE-787 )", "Vulnerability Impact": "Arbitrary code execution" }, { "CVE Numbers": "CVE-2026-34662", "CVSS base score": "5.5", "CVSS vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "Severity": "Important", "Vulnerability Category": "NULL Pointer Dereference ( CWE-476 )", "Vulnerability Impact": "Application denial-of-service" }, { "CVE Numbers": "CVE-2026-34663", "CVSS base score": "5.5", "CVSS vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "Severity": "Important", "Vulnerability Category": "Out-of-bounds Read ( CWE-125 )", "Vulnerability Impact": "Memory exposure" }, { "CVE Numbers": "CVE-2026-34687", "CVSS base score": "7.8", "CVSS vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Severity": "Critical", "Vulnerability Category": "Heap-based Buffer Overflow ( CWE-122 )", "Vulnerability Impact": "Arbitrary code execution" } ] } -
Security update available for Adobe Connect | APSB26-50
Adobe has released a security update for Adobe Connect. This update resolves critical vulnerabilities that could lead to arbitrary code execution and privilege escalation.
Adobe has released a security update for Adobe Connect. This update resolves critical vulnerabilities that could lead to arbitrary code execution and privilege escalation.Adobe has released a security update for Adobe Connect. This update resolves critical vulnerabilities that could lead to arbitrary code execution and privilege escalation.扩展字段
{ "acknowledgments": [ "Adobe would like to thank the following researchers for reporting these issue and for working with Adobe to help protect our customers:", "Laish (a_l) -- CVE-2026-34659, CVE-2026-34660", "NOTE: Adobe has a public bug bounty program with HackerOne. If you are interested in working with Adobe as an external security researcher, please check out https://hackerone.com/adobe .", "For more information, visit https://helpx.adobe.com/security.html , or email [email protected]." ], "affected_products": [ { "platform": "Windows and macOS", "product": "Adobe Connect Desktop Application", "version": "2025.9.15 (Windows) 2025.8.157 (macOS)" } ], "bulletin_id": "APSB26-50", "detail_url": "https://helpx.adobe.com/security/products/connect/apsb26-50.html", "last_updated": "05/12/2026", "originally_posted": "05/12/2026", "priority": "3", "solution_paragraphs": [ "Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the latest version." ], "solutions": [ { "availability": "Release Notes", "availability_url": "https://helpx.adobe.com/adobe-connect/release-note/adobe-connect-2026-3-application-release-notes.html", "platform": "Windows and macOS", "priority": "3", "product": "Adobe Connect Desktop Application", "version": "2026.3.125 (Windows) 2026.01.39 (macOS)" } ], "summary_paragraphs": [ "Adobe has released a security update for Adobe Connect. This update resolves critical vulnerabilities that could lead to arbitrary code execution and privilege escalation.", "Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates." ], "vulnerabilities": [ { "CVE Number": "CVE-2026-34659", "CVSS base score": "9.6", "CVSS vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "Severity": "Critical", "Vulnerability Category": "Deserialization of Untrusted Data ( CWE-502 )", "Vulnerability Impact": "Arbitrary code execution" }, { "CVE Number": "CVE-2026-34660", "CVSS base score": "9.3", "CVSS vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N", "Severity": "Critical", "Vulnerability Category": "Incorrect Authorization ( CWE-863 )", "Vulnerability Impact": "Privilege escalation" } ] } -
Security update available for Adobe Commerce | APSB26-49
Adobe has released a security update for Adobe Commerce and Magento Open Source. This update resolves critical , important and moderate vulnerabilities. Successful exploitation could lead to arbitrary code execution, arbitrary file system write, application denial-of-service, and security feature bypass.
Adobe has released a security update for Adobe Commerce and Magento Open Source. This update resolves critical , important and moderate vulnerabilities. Successful exploitation could lead to arbitrary code execution, arbitrary file system write, application denial-of-service, and security feature bypass.Adobe has released a security update for Adobe Commerce and Magento Open Source. This update resolves critical , important and moderate vulnerabilities. Successful exploitation could lead to arbitrary code execution, arbitrary file system write, application denial-of-service, and security feature bypass.扩展字段
{ "acknowledgments": [ "Adobe would like to thank the following researchers for reporting these issues and working with Adobe to help protect our customers:", "thlassche -- CVE-2026-34645, CVE-2026-34646, CVE-2026-34656", "0x0doteth -- CVE-2026-34647", "bau1u -- CVE-2026-34648, CVE-2026-34649, CVE-2026-34650, CVE-2026-34651", "wash0ut -- CVE-2026-34652", "rez0 -- CVE-2026-34653", "akouba -- CVE-2026-34654", "srcoder -- CVE-2026-34655", "schemonah -- CVE-2026-34658", "truff -- CVE-2026-34685", "Ray Wolf (raywolfmaster) -- CVE-2026-34686", "NOTE: Adobe has a public bug bounty program with HackerOne. If you are interested in working with Adobe as an external security researcher, please check out https://hackerone.com/adobe .", "For more information, visit https://helpx.adobe.com/security.html , or email [email protected]." ], "bulletin_id": "APSB26-49", "detail_url": "https://helpx.adobe.com/security/products/magento/apsb26-49.html", "last_updated": "05/14/2026", "originally_posted": "05/12/2026", "priority": "2", "solution_paragraphs": [ "Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version." ], "solutions": [ { "availability": "2.4.x Release Notes", "availability_url": "https://experienceleague.adobe.com/en/docs/commerce-operations/release/notes/adobe-commerce/overview", "platform": "All", "priority": "2", "product": "Adobe Commerce", "version": "2.4.9 2.4.8-p5 2.4.7-p10 2.4.6-p15 2.4.5-p17 2.4.4-p18" }, { "availability": "2.4.x Release Notes", "availability_url": "https://experienceleague.adobe.com/en/docs/commerce-operations/release/notes/adobe-commerce/overview", "platform": "All", "priority": "2", "product": "Adobe Commerce B2B", "version": "1.5.3 1.5.2-p5 1.4.2-p10 1.3.4-p17 1.3.3-p18" }, { "availability": "2.4.x Release Notes", "availability_url": "https://experienceleague.adobe.com/en/docs/commerce-operations/release/notes/adobe-commerce/overview", "platform": "All", "priority": "2", "product": "Magento Open Source", "version": "2.4.9 2.4.8-p5 2.4.7-p10 2.4.6-p15" } ], "summary_paragraphs": [ "Adobe has released a security update for Adobe Commerce and Magento Open Source. This update resolves critical , important and moderate vulnerabilities. Successful exploitation could lead to arbitrary code execution, arbitrary file system write, application denial-of-service, and security feature bypass.", "Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates." ], "vulnerabilities": [ { "Authentication required to exploit?": "No", "CVE number(s)": "CVE-2026-34645", "CVSS base score": "7.5", "CVSS vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "Exploit requires admin privileges?": "Yes", "Notes": null, "Severity": "Critical", "Vulnerability Category": "Incorrect Authorization ( CWE-863 )", "Vulnerability Impact": "Security feature bypass" }, { "Authentication required to exploit?": "No", "CVE number(s)": "CVE-2026-34646", "CVSS base score": "7.5", "CVSS vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "Exploit requires admin privileges?": "Yes", "Notes": null, "Severity": "Critical", "Vulnerability Category": "Incorrect Authorization ( CWE-863 )", "Vulnerability Impact": "Security feature bypass" }, { "Authentication required to exploit?": "No", "CVE number(s)": "CVE-2026-34647", "CVSS base score": "7.4", "CVSS vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", "Exploit requires admin privileges?": "Yes", "Notes": null, "Severity": "Critical", "Vulnerability Category": "Server-Side Request Forgery (SSRF) ( CWE-918 )", "Vulnerability Impact": "Security feature bypass" }, { "Authentication required to exploit?": "No", "CVE number(s)": "CVE-2026-34648", "CVSS base score": "7.5", "CVSS vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Exploit requires admin privileges?": "No", "Notes": null, "Severity": "Critical", "Vulnerability Category": "Uncontrolled Resource Consumption ( CWE-400 )", "Vulnerability Impact": "Application denial-of-service" }, { "Authentication required to exploit?": "No", "CVE number(s)": "CVE-2026-34649", "CVSS base score": "7.5", "CVSS vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Exploit requires admin privileges?": "No", "Notes": null, "Severity": "Critical", "Vulnerability Category": "Uncontrolled Resource Consumption ( CWE-400 )", "Vulnerability Impact": "Application denial-of-service" }, { "Authentication required to exploit?": "No", "CVE number(s)": "CVE-2026-34650", "CVSS base score": "7.5", "CVSS vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Exploit requires admin privileges?": "No", "Notes": null, "Severity": "Critical", "Vulnerability Category": "Uncontrolled Resource Consumption ( CWE-400 )", "Vulnerability Impact": "Application denial-of-service" }, { "Authentication required to exploit?": "No", "CVE number(s)": "CVE-2026-34651", "CVSS base score": "7.5", "CVSS vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Exploit requires admin privileges?": "No", "Notes": null, "Severity": "Critical", "Vulnerability Category": "Uncontrolled Resource Consumption ( CWE-400 )", "Vulnerability Impact": "Application denial-of-service" }, { "Authentication required to exploit?": "No", "CVE number(s)": "CVE-2026-34652", "CVSS base score": "7.5", "CVSS vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "Exploit requires admin privileges?": "No", "Notes": null, "Severity": "Critical", "Vulnerability Category": "Dependency on Vulnerable Third-Party Component ( CWE-1395 )", "Vulnerability Impact": "Application denial-of-service" }, { "Authentication required to exploit?": "Yes", "CVE number(s)": "CVE-2026-34686", "CVSS base score": "8.7", "CVSS vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", "Exploit requires admin privileges?": "Yes", "Notes": null, "Severity": "Critical", "Vulnerability Category": "Cross-site Scripting (Stored XSS) ( CWE-79 )", "Vulnerability Impact": "Arbitrary code execution" }, { "Authentication required to exploit?": "Yes", "CVE number(s)": "CVE-2026-34653", "CVSS base score": "8.7", "CVSS vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N", "Exploit requires admin privileges?": "Yes", "Notes": null, "Severity": "Critical", "Vulnerability Category": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') ( CWE-22 )", "Vulnerability Impact": "Arbitrary file system write" }, { "Authentication required to exploit?": "Yes", "CVE number(s)": "CVE-2026-34654", "CVSS base score": "5.3", "CVSS vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "Exploit requires admin privileges?": "No", "Notes": null, "Severity": "Important", "Vulnerability Category": "Dependency on Vulnerable Third-Party Component ( CWE-1395 )", "Vulnerability Impact": "Application denial-of-service" }, { "Authentication required to exploit?": "Yes", "CVE number(s)": "CVE-2026-34655", "CVSS base score": "4.8", "CVSS vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "Exploit requires admin privileges?": "Yes", "Notes": null, "Severity": "Important", "Vulnerability Category": "Cross-site Scripting (Stored XSS) ( CWE-79 )", "Vulnerability Impact": "Arbitrary code execution" }, { "Authentication required to exploit?": "No", "CVE number(s)": "CVE-2026-34656", "CVSS base score": "4.3", "CVSS vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "Exploit requires admin privileges?": "No", "Notes": null, "Severity": "important", "Vulnerability Category": "Improper Authorization ( CWE-285 )", "Vulnerability Impact": "Security feature bypass" }, { "Authentication required to exploit?": "Yes", "CVE number(s)": "CVE-2026-34658", "CVSS base score": "4.8", "CVSS vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "Exploit requires admin privileges?": "Yes", "Notes": null, "Severity": "Important", "Vulnerability Category": "Cross-site Scripting (Stored XSS) ( CWE-79 )", "Vulnerability Impact": "Arbitrary code execution" }, { "Authentication required to exploit?": "Yes", "CVE number(s)": "CVE-2026-34685", "CVSS base score": "3.4", "CVSS vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:N", "Exploit requires admin privileges?": "Yes", "Notes": null, "Severity": "Moderate", "Vulnerability Category": "Improper Input Validation ( CWE-20 )", "Vulnerability Impact": "Arbitrary code execution" } ], "vulnerability_paragraphs": [ "Authentication required to exploit: The vulnerability is (or is not) exploitable without credentials.", "Exploit requires admin privileges: The vulnerability is (or is not) only exploitable by an attacker with administrative privileges." ] } -
Security Updates Available for Adobe After Effects | APSB26-48
Adobe has released an update for Adobe After Effects for Windows and macOS. This update addresses critical security vulnerabilities. Successful exploitation could lead to arbitrary code execution.
Adobe has released an update for Adobe After Effects for Windows and macOS. This update addresses critical security vulnerabilities. Successful exploitation could lead to arbitrary code execution.Adobe has released an update for Adobe After Effects for Windows and macOS. This update addresses critical security vulnerabilities. Successful exploitation could lead to arbitrary code execution.扩展字段
{ "acknowledgments": [ "Adobe would like to thank the following for reporting the relevant issues and for working with Adobe to help protect our customers:", "voidexploit -- CVE-2026-34690", "yjdfy -- CVE-2026-34642, CVE-2026-34643, CVE-2026-34644", "NOTE: Adobe has a public bug bounty program with HackerOne. If you are interested in working with Adobe as an external security researcher, please check out https://hackerone.com/adobe", "For more information, visit https://helpx.adobe.com/security.html , or email [email protected]." ], "affected_products": [ { "platform": "Windows and macOS", "product": "Adobe After Effects", "version": "25.6.4 and earlier versions" }, { "platform": "Windows and macOS", "product": "Adobe After Effects", "version": "26.0 and earlier versions" } ], "bulletin_id": "APSB26-48", "detail_url": "https://helpx.adobe.com/security/products/after_effects/apsb26-48.html", "last_updated": "05/12/2026", "originally_posted": "05/12/2026", "priority": "3", "solution_paragraphs": [ "Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version via the Creative Cloud desktop app’s update mechanism. For more information, please reference this help page .", "For managed environments, IT administrators can use the Admin Console to deploy Creative Cloud applications to end users. Refer to this help page for more information." ], "solutions": [ { "availability": "Download Center", "availability_url": "https://www.adobe.com/products/catalog.html#category=creativity-design&types=desktop", "platform": "Windows and macOS", "priority": "3", "product": "Adobe After Effects", "version": "25.6.5" }, { "availability": "Download Center", "availability_url": "https://www.adobe.com/products/catalog.html#category=creativity-design&types=desktop", "platform": "Windows and macOS", "priority": "3", "product": "Adobe After Effects", "version": "26.2" } ], "summary_paragraphs": [ "Adobe has released an update for Adobe After Effects for Windows and macOS. This update addresses critical security vulnerabilities. Successful exploitation could lead to arbitrary code execution.", "Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates." ], "vulnerabilities": [ { "CVE Numbers": "CVE-2026-34690", "CVSS base score": "7.8", "CVSS vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Severity": "Critical", "Vulnerability Category": "Stack-based Buffer Overflow ( CWE-121 )", "Vulnerability Impact": "Arbitrary code execution" }, { "CVE Numbers": "CVE-2026-34642", "CVSS base score": "7.8", "CVSS vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Severity": "Critical", "Vulnerability Category": "Heap-based Buffer Overflow ( CWE-122 )", "Vulnerability Impact": "Arbitrary code execution" }, { "CVE Numbers": "CVE-2026-34643", "CVSS base score": "7.8", "CVSS vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Severity": "Critical", "Vulnerability Category": "Out-of-bounds Write ( CWE-787 )", "Vulnerability Impact": "Arbitrary code execution" }, { "CVE Numbers": "CVE-2026-34644", "CVSS base score": "7.8", "CVSS vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Severity": "Critical", "Vulnerability Category": "Integer Overflow or Wraparound ( CWE-190 )", "Vulnerability Impact": "Arbitrary code execution" } ] } -
Security Updates Available for Adobe Media Encoder | APSB26-47
Adobe has released an update for Adobe Media Encoder. This update resolves critical vulnerabilities that could lead to arbitrary code execution.
Adobe has released an update for Adobe Media Encoder. This update resolves critical vulnerabilities that could lead to arbitrary code execution.Adobe has released an update for Adobe Media Encoder. This update resolves critical vulnerabilities that could lead to arbitrary code execution.扩展字段
{ "acknowledgments": [ "Adobe would like to thank the following for reporting these issues and for working with Adobe to help protect our customers:", "yjdfy -- CVE-2026-34639, CVE-2026-34640", "NOTE: Adobe has a public bug bounty program with HackerOne. If you are interested in working with Adobe as an external security researcher, please check out https://hackerone.com/adobe", "For more information, visit https://helpx.adobe.com/security.html , or email [email protected]" ], "affected_products": [ { "platform": "Windows and macOS", "product": "Adobe Media Encoder", "version": "25.6.4 and earlier versions" }, { "platform": "Windows and macOS", "product": "Adobe Media Encoder", "version": "26.0.2 and earlier versions" } ], "bulletin_id": "APSB26-47", "detail_url": "https://helpx.adobe.com/security/products/media-encoder/apsb26-47.html", "last_updated": "05/12/2026", "originally_posted": "05/12/2026", "priority": "3", "solution_paragraphs": [ "Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version via the Creative Cloud desktop app's update mechanism. For more information, please reference this help page .", "For managed environments, IT administrators can use the Admin Console to deploy Creative Cloud applications to end users. Refer to this help page for more information." ], "summary_paragraphs": [ "Adobe has released an update for Adobe Media Encoder. This update resolves critical vulnerabilities that could lead to arbitrary code execution.", "Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates." ], "vulnerabilities": [ { "CVE Numbers": "CVE-2026-34639", "CVSS base score": "7.8", "CVSS vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Severity": "Critical", "Vulnerability Category": "Out-of-bounds Write ( CWE-787 )", "Vulnerability Impact": "Arbitrary code execution" }, { "CVE Numbers": "CVE-2026-34640", "CVSS base score": "7.8", "CVSS vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "Severity": "Critical", "Vulnerability Category": "Integer Overflow or Wraparound ( CWE-190 )", "Vulnerability Impact": "Arbitrary code execution" } ] }