Adobe Closes 52 Security Vulnerabilities in Multiple Programs

On May 13, 2026, Adobe released a series of security updates that address a total of 52 vulnerabilities across several of its programs. These updates are documented in ten Security Bulletins and affect applications such as After Effects, Illustrator, Premiere Pro, and Commerce. The vulnerabilities have been categorized, with 27 deemed critical. The updates affect not only Windows and macOS but also other platforms.

Adobe has assigned the lowest urgency level 3 to most updates, while the updates for Commerce have received a medium priority level 2. So far, no attacks exploiting these vulnerabilities have been reported. The largest number of fixed vulnerabilities is found in the Adobe Commerce solution, where 15 vulnerabilities have been closed, ten of which are classified as critical. These critical vulnerabilities include various types, such as Denial of Service (DoS), Security Feature Bypass (SFB), and Arbitrary Code Execution (ACE).

The Content Authenticity SDK is represented for the first time on Patch Day and has closed 14 security vulnerabilities, of which only one is classified as critical (CVE-2026-34665). This SDK is available in JavaScript and Rust and supports multiple platforms, including Linux, iOS, and Android. In After Effects, four security vulnerabilities have been closed, all of which are classified as critical. Premiere Pro and Media Encoder each had three and two critical vulnerabilities, respectively, that have also been addressed. The Connect Desktop App has two critical vulnerabilities that have been closed as well.

For Illustrator, Adobe has fixed four vulnerabilities, including two critical ones. In the Substance 3D programs, a total of five vulnerabilities in Substance 3D Designer have been classified as high risk, while Substance 3D Painter and Substance 3D Sampler each have two and one critical vulnerabilities. Adobe recommends updating all programs to the latest versions to ensure security. The latest security bulletins are available on the company's official website. The versions affected by the vulnerabilities include After Effects 25.6.4 and earlier, which should be updated to 25.6.54.

The vulnerability CVE-2026-34665 affects the Content Authenticity SDK and is the only critical vulnerability in this category. Adobe has also provided corresponding updates for Commerce B2B to enhance platform security. Adobe continues to maintain several version branches with updates to ensure the security of its software products. The security updates are part of the company's ongoing efforts to protect the integrity of its software and safeguard users from potential threats. The security updates are available immediately and should be installed by all users to protect their systems. Adobe has detailed the vulnerabilities in the Security Bulletins, which can be viewed on the company's website.