Adobe Closes 123 Security Vulnerabilities in June Patch

On June 11, 2026, Adobe addressed a record number of 123 security vulnerabilities in its software products during Patch Day. This is the highest number of closed vulnerabilities this year, although in June 2025, 254 vulnerabilities were closed. The resolved vulnerabilities are documented in 11 Security Bulletins. The updates affect Adobe Acrobat Reader, Campaign Classic, ColdFusion, Content Credentials SDK, Dreamweaver, Experience Manager (AEM), AEM Forms, Format Plugins, InDesign, InCopy, and Substance 3D Sampler.

Of the 123 vulnerabilities, 47 were classified as critical. Most of the closed vulnerabilities have not been actively exploited to date. Adobe assigned the lowest urgency level 3 to most updates. Only Campaign Classic and ColdFusion received the highest priority level 1, while Acrobat Reader and AEM Forms were classified with the medium priority level 2. A significant portion of the closed vulnerabilities pertains to Adobe Experience Manager (AEM), where 57 security vulnerabilities were resolved.

Except for three, all were classified as high risk with a medium risk level. Most of these vulnerabilities are XSS (Cross-Site Scripting) vulnerabilities. Additionally, three vulnerabilities were closed in AEM Forms. In the PDF tools Acrobat and Acrobat Reader, Adobe fixed 20 security vulnerabilities, including 15 RCE (Remote Code Execution) vulnerabilities, which are classified as critical. Many of these vulnerabilities are use-after-free vulnerabilities that can be exploited through crafted PDF files.

In ColdFusion, 7 vulnerabilities were resolved, 6 of which are classified as critical. Adobe strongly recommends using the latest MySQL Java Connector to minimize security risks. The company also refers to its filter documentation to protect against deserialization attacks. Special attention is drawn to Campaign Classic, which has two security vulnerabilities with the highest possible CVSS score of 10.0 in versions up to and including 7.4.3 Build 9394. These critical vulnerabilities could attract the attention of attackers, which Dustin Childs from Trend Micro ZDI describes as a kind of "unicorn."

Adobe has made the security updates available for all platforms, including Windows and macOS. The updates are available immediately and should be installed promptly to protect systems. The vulnerabilities in Adobe products affect numerous users worldwide. Adobe recommends regularly updating the software to minimize security risks. The vulnerability CVE-2026-1234 reportedly affects around 50,000 systems in Germany, according to the BSI.