Adobe’s February 2026 Patch Tuesday updates address a total of 44 vulnerabilities discovered by external security researchers in the company’s products.
The software giant has published nine new advisories announcing patches for Audition, After Effects, InDesign Desktop, Substance 3D Designer, Substance 3D Stager, Substance 3D Modeler, Bridge, Lightroom Classic, and the DNG SDK.
The company has assigned a critical severity rating to over two dozen vulnerabilities that can be exploited for arbitrary code execution, but they are all rated high based on their CVSS scores.
These types of code execution flaws have been fixed by Adobe in Audition, After Effects, InDesign, Bridge, Lightroom Classic, DNG SDK, and two of the Substance 3D products.
The remaining vulnerabilities have been described as important-severity (medium severity based on their CVSS scores) memory exposure and DoS issues.
The company says it’s not aware of in-the-wild exploitation and, given that it has assigned a priority rating of 3 to all new advisories, does not expect them to be targeted by threat actors.
Researchers who use the online monikers ‘Yjdfy’ and ‘Voidexploit’ have been credited for reporting a majority of the vulnerabilities patched with the latest round of updates.
Microsoft’s February 2026 Patch Tuesday updates fix 60 vulnerabilities, including six actively exploited zero-days.
Related: Adobe Patches Critical Apache Tika Bug in ColdFusion
Related: Adobe ColdFusion Servers Targeted in Coordinated Campaign
