Adobe threat watch

Adobe product CVE coverage from NVD — Acrobat, Photoshop, Commerce/Magento, and Creative Cloud components.

Watch items

Recent Adobe watch items

Showing the 20 most recent items, newest first. Each row links to the official advisory.

20 rows · sorted newest first

Operations view

coldfusion vulnerability (CVE-2026-48307)

HIGH
watchNVDCVE-2026-48307

ColdFusion versions 2025.9, 2023.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially resulting in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious link. Scope is changed.

Jun 30, 2026, 11:16 AMOfficial source

Adobe Campaign Classic (ACC) vulnerability (CVE-2026-48286)

CRITICAL
watchNVDCVE-2026-48286

Adobe Campaign Classic (ACC) versions 7.4.3 build 9396 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed.

Jun 30, 2026, 11:16 AMOfficial source

acrobat vulnerability (CVE-2026-48294)

HIGH
watchNVDCVE-2026-48294

Adobe Acrobat PDF Extension (Chrome) versions 26.5.2.2 and earlier are affected by a UXSS-class cross-origin data disclosure vulnerability. An attacker could exploit this vulnerability to gain access to data regarding the victim's session. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. Scope is changed.

Jun 17, 2026, 5:55 AMOfficial source

c2pa vulnerability (CVE-2026-34713)

HIGH
watchNVDCVE-2026-34713

CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consumption vulnerability. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction.

Jun 9, 2026, 5:16 PMOfficial source

c2pa vulnerability (CVE-2026-34712)

HIGH
watchNVDCVE-2026-34712

CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Improper Input Validation vulnerability. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.

Jun 9, 2026, 5:16 PMOfficial source

c2pa vulnerability (CVE-2026-34711)

HIGH
watchNVDCVE-2026-34711

CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.

Jun 9, 2026, 5:16 PMOfficial source

campaign vulnerability (CVE-2026-48303)

CRITICAL
watchNVDCVE-2026-48303

Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed.

Jun 9, 2026, 4:17 PMOfficial source

format plugins vulnerability (CVE-2026-48292)

HIGH
watchNVDCVE-2026-48292

Format Plugins versions 1.1.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Jun 9, 2026, 4:17 PMOfficial source

format plugins vulnerability (CVE-2026-48291)

HIGH
watchNVDCVE-2026-48291

Format Plugins versions 1.1.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Jun 9, 2026, 4:17 PMOfficial source

coldfusion vulnerability (CVE-2026-47960)

HIGH
watchNVDCVE-2026-47960

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed.

Jun 9, 2026, 4:17 PMOfficial source

acrobat vulnerability (CVE-2026-47959)

HIGH
watchNVDCVE-2026-47959

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Jun 9, 2026, 4:17 PMOfficial source

acrobat dc vulnerability (CVE-2026-47955)

HIGH
watchNVDCVE-2026-47955

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Jun 9, 2026, 4:17 PMOfficial source

acrobat dc vulnerability (CVE-2026-47952)

HIGH
watchNVDCVE-2026-47952

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Jun 9, 2026, 4:17 PMOfficial source

acrobat dc vulnerability (CVE-2026-47937)

HIGH
watchNVDCVE-2026-47937

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could result in arbitrary code execution in the context of the current user. An attacker with high privileges could exploit this vulnerability to execute arbitrary code. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed.

Jun 9, 2026, 4:17 PMOfficial source

coldfusion vulnerability (CVE-2026-47932)

CRITICAL
watchNVDCVE-2026-47932

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access unauthorized files or directories outside the intended restrictions. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed.

Jun 9, 2026, 4:17 PMOfficial source

coldfusion vulnerability (CVE-2026-47931)

CRITICAL
watchNVDCVE-2026-47931

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. An attacker with high privileges could exploit this vulnerability to execute arbitrary code. Exploitation of this issue does not require user interaction. Scope is changed.

Jun 9, 2026, 4:17 PMOfficial source

coldfusion vulnerability (CVE-2026-47930)

HIGH
watchNVDCVE-2026-47930

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read and write access. Exploitation of this issue does not require user interaction.

Jun 9, 2026, 4:17 PMOfficial source

coldfusion vulnerability (CVE-2026-47929)

CRITICAL
watchNVDCVE-2026-47929

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could exploit this vulnerability to gain elevated access or control over the victim's account or session. Exploitation of this issue does not require user interaction. Scope is changed.

Jun 9, 2026, 4:17 PMOfficial source

coldfusion vulnerability (CVE-2026-47928)

CRITICAL
watchNVDCVE-2026-47928

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed.

Jun 9, 2026, 4:17 PMOfficial source

acrobat dc vulnerability (CVE-2026-47921)

HIGH
watchNVDCVE-2026-47921

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Jun 9, 2026, 4:17 PMOfficial source

Vendor watch hub

What this page covers

The Adobewatch hub is a vendor-specific view inside ITECS MSP Threat Radar. We pull the latest security advisories, incidents, and known-exploited CVEs directly from the official feeds below, score each one for MSP relevance, and surface what's most likely to need attention this week.

  • Confirm whether recent Adobe activity overlaps with your environment.
  • Prioritize advisories by MSP-relevance score, severity, and status.
  • Turn the signal into an assessment, briefing, or managed-service engagement with ITECS.

At a glance

Tracked

976

Active

78

Featured

370

Unique CVEs

20

Most recent entry

Jun 30, 2026, 11:16 AM

Feed refreshes daily · 5:15 a.m. Central

Sources·CISA KEV and NVD (product vendor coverage)

"Most recent entry" is the newest item the upstream feed has published — not our sync time.

Related vendors

Other productivity vendors in the radar

Vendor watch FAQ

Common questions

What is the Adobe threat watch page?

It is the Adobe-specific view inside ITECS Threat Radar, built to track recent advisories, incidents, and watch items that may affect Dallas-area business operations.

How should teams use the Adobe watch page?

Use it to confirm whether current Adobe issues overlap with your environment, prioritize remediation, and decide whether you need an assessment, managed security follow-through, or vendor-specific hardening work.

Can ITECS help respond to Adobe security issues?

Yes. ITECS can help map Adobe advisories against your systems, validate affected services, prioritize remediation, and connect the issue to broader managed cybersecurity or managed IT workflows.