Adobe Family March 2026 Routine Security Update Advisory for Adobe products
Overview
Adobe(https://adobe.com) has released a security update that addresses a vulnerability in its supplied products. users of affected systems are advised to update to the latest version.
Affected Products
Acrobat DC continuous
Acrobat Reader DC continuous
Acrobat 2024 classic 2024
Illustrator 2025 29.8.4 and earlier
Illustrator 2026 30.1 and earlier
Adobe Commerce 2.4.9-alpha3 and earlier
Adobe Commerce 2.4.8-p3 and earlier
Adobe Commerce 2.4.7-p8 and earlier
Adobe Commerce 2.4.6-p13 and earlier
Adobe Commerce 2.4.5-p15 and earlier
Adobe Commerce 2.4.4-p16 and earlier
Adobe Commerce B2B 1.5.3-alpha3 and earlier
Adobe Commerce B2B 1.5.2-p3 and earlier
Adobe Commerce B2B 1.4.2-p8 and earlier
Adobe Commerce B2B 1.3.5-p13 and earlier
Adobe Commerce B2B 1.3.4-p15 and earlier
Adobe Commerce B2B 1.3.3-p16 and earlier
Magento Open Source 2.4.9-alpha3
Magento Open Source 2.4.8-p3 and earlier
Magento Open Source 2.4.7-p8 and earlier
Magento Open Source 2.4.6-p13 and earlier
Magento Open Source 2.4.5-p15 and earlier
Adobe Premiere Pro 25.5 and earlier
Resolved Vulnerabilities
Arbitrary code execution vulnerability due to unclaimed memory usage (UAF) in Acrobat DC (CVE-2026-27220)
Arbitrary code execution vulnerability due to unclaimed memory usage (UAF) in Acrobat DC (CVE-2026-27278)
Privilege escalation vulnerability due to improper verification of cryptographic signature in Acrobat DC (CVE-2026-27221)
Arbitrary code execution vulnerability due to untrusted search path in Illustrator 2025 (CVE-2026-21333)
Arbitrary code execution vulnerability due to out-of-bounds writes to memory in Illustrator 2025 (CVE-2026-21362)
Arbitrary code execution vulnerability due to heap memory-based buffer overflow in Illustrator 2025 (CVE-2026-27271)
Arbitrary code execution vulnerability due to an out-of-bounds write to memory in Illustrator 2025 (CVE-2026-27272)
Arbitrary code execution vulnerability due to a stack-based buffer overflow in Illustrator 2025 (CVE-2026-27267)
Memory exposure vulnerability due to an out-of-bounds read of memory in Illustrator 2025 (CVE-2026-27268)
Arbitrary code execution vulnerability due to an out-of-bounds read in memory in Illustrator 2025 (CVE-2026-27270)
Privilege escalation vulnerability due to cross-site scripting (Stored XSS) in Adobe Commerce (CVE-2026-21361)
Privilege escalation vulnerability due to cross-site scripting (Stored XSS) in Adobe Commerce (CVE-2026-21284)
Security feature bypass vulnerability due to malformed authorization in Adobe Commerce (CVE-2026-21289)
Privilege escalation vulnerability due to cross-site scripting (Stored XSS) in Adobe Commerce (CVE-2026-21290)
Privilege escalation vulnerability due to cross-site scripting (Stored XSS) in Adobe Commerce (CVE-2026-21311)
Privilege escalation vulnerability due to malformed authorization in Adobe Commerce (CVE-2026-21309)
Security feature bypass vulnerability due to malformed authorization in Adobe Commerce (CVE-2026-21285)
Security feature bypass vulnerability due to malformed authorization in Adobe Commerce (CVE-2026-21286)
Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Commerce (CVE-2026-21291)
Arbitrary code execution vulnerability due to cross-site scripting (Stored XSS) in Adobe Commerce (CVE-2026-21292)
Arbitrary file read vulnerability due to server-side request manipulation (SSRF) in Adobe Commerce (CVE-2026-21293)
Security feature bypass vulnerability due to server-side request manipulation (SSRF) in Adobe Commerce (CVE-2026-21294)
Security feature bypass vulnerability due to malformed authorization in Adobe Commerce (CVE-2026-21359)
Security feature bypass vulnerability due to lack of pathname restriction in Adobe Commerce (CVE-2026-21360)
Application Denial of Service Vulnerability Due to Insufficient Input Value Validation in Adobe Commerce (CVE-2026-21282)
Security feature bypass vulnerability due to lack of input value validation in Adobe Commerce (CVE-2026-21310)
Security feature bypass vulnerability due to URL redirection to untrusted site (‘open redirect’) in Adobe Commerce (CVE-2026-21295)
Security feature bypass vulnerability due to malformed authorization in Adobe Commerce (CVE-2026-21296)
Security feature bypass vulnerability due to malformed authorization in Adobe Commerce (CVE-2026-21297)
Arbitrary code execution vulnerability due to an out-of-bounds read of memory in Adobe Premiere Pro (CVE-2026-27269)
Vulnerability Patches
The March 10, 2026 update provided the following product-specific vulnerability patches
Acrobat DC continuous
Acrobat Reader DC continuous
Acrobat 2024 classic 2024
Illustrator 2025 29.8.5 and later
Illustrator 2026 30.2 and later versions
Adobe Commerce 2.4.9-beta1 for 2.4.9-alpha32.4.8-p4 for 2.4.8-p3 and earlier2.4.7-p9 for 2.4.7-p8 and earlier2.4.6-p14 for 2.4.6-p13 and earlier2.4.5-p16 for 2.4.5-p15 and earlier2.4.4-p17 for 2.4.4-p16 and earlier
Adobe Commerce B2B 1.5.3-beta1 for 1.5.3-alpha31.5.2-p4 for 1.5.2-p3 and earlier1.4.2-p9 for 1.4.2-p8 and earlier1.3.5-p14 for 1.3.5-p13 and earlier1.3.4-p16 for 1.3.4-p15 and earlier1.3.3-p17 for 1.3.3-p16 and earlier
Magento Open Source 2.4.9-beta1 for 2.4.9-alpha32.4.8-p4 for 2.4.8-p3 and earlier2.4.7-p9 for 2.4.7-p8 and earlier2.4.6-p14 for 2.4.6-p13 and earlier2.4.5-p16 for 2.4.5-p15 and earlier
Adobe Premiere 26.0
Adobe Premiere Pro 25.6 lts
Referenced Sites
Security Bulletins and Advisories
https://helpx.adobe.com/security.html/security/security-bulletin.ug.html
APSB26-26 : Security update available for Adobe Acrobat Reader
https://helpx.adobe.com/security/products/acrobat/apsb26-26.html
APSB26-18 : Security update available for Adobe Illustrator
https://helpx.adobe.com/security/products/illustrator/apsb26-18.html
APSB26-05 : Security update available for Adobe Commerce
https://helpx.adobe.com/security/products/magento/apsb26-05.html
APSB26-28 : Security update available for Adobe Premiere Pro
https://helpx.adobe.com/security/products/premiere_pro/apsb26-28.html