Adobe

Vendor security scorecard – 18 CVEs in the selected period

Risk: 92
CVEs: 18
Critical: 3
High: 10
KEV: 0
PoC: 0
Unpatched C/H: 12
Patch Rate: 5.6%
Avg EPSS: 0.2%

Severity Breakdown

CRITICAL: 3
HIGH: 10
MEDIUM: 4
LOW: 1

Monthly CVE Trend

Top Risky CVEs

| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2026-34659 | Adobe Connect versions 2025.9.15, 2025.8.157 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitr | CRITICAL | 9.6 | 1.5% | 50 | No patch |
| CVE-2026-34660 | Adobe Connect versions 2025.9.15, 2025.8.157 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code | CRITICAL | 9.3 | 0.5% | 47 | No patch |
| CVE-2026-42155 | Predictable API session token generation in OpenMage LTS (≤ 20.16.0, confirmed vulnerable through ≤ 20.17.0) allows remote unauthenticated attackers to hijack authenticated XML-RPC, SOAP, and legacy REST API sessions by brute-forcing MD5 digests derived from time-based inputs. The session ID is constructed via md5(time() . uniqid('', true) . null), leaving an attacker with predictable timestamp and microsecond components plus a constrained LCG float - yielding far less than the OWASP ASVS-mandated 64 bits of entropy. Publicly available exploit code exists in the form of a working Python PoC included with the advisory. | CRITICAL | 9.3 | 0.0% | 47 | |
| CVE-2026-34653 | Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Improper Limitation of a Pathn | HIGH | 8.7 | 0.1% | 44 | No patch |
| CVE-2026-34686 | Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a stored Cross-Site Scripting (XS | HIGH | 8.7 | 0.0% | 44 | No patch |
| CVE-2026-34646 | Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Incorrect Authorization vulner | HIGH | 7.5 | 0.1% | 38 | No patch |
| CVE-2026-34645 | Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Incorrect Authorization vulner | HIGH | 7.5 | 0.1% | 38 | No patch |
| CVE-2026-34652 | Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a Dependency on Vulnerable Third- | HIGH | 7.5 | 0.1% | 38 | No patch |
| CVE-2026-34649 | Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Uncontrolled Resource Consumpt | HIGH | 7.5 | 0.0% | 38 | No patch |
| CVE-2026-34651 | Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Uncontrolled Resource Consumpt | HIGH | 7.5 | 0.0% | 38 | No patch |
| CVE-2026-34648 | Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Uncontrolled Resource Consumpt | HIGH | 7.5 | 0.0% | 38 | No patch |
| CVE-2026-34650 | Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Uncontrolled Resource Consumpt | HIGH | 7.5 | 0.0% | 38 | No patch |
| CVE-2026-34647 | Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a Server-Side Request Forgery (SS | HIGH | 7.4 | 0.1% | 37 | No patch |
| CVE-2026-34654 | Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a Dependency on Vulnerable Third- | MEDIUM | 5.3 | 0.1% | 27 | No patch |
| CVE-2026-34655 | Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a stored Cross-Site Scripting (XS | MEDIUM | 4.8 | 0.1% | 24 | No patch |
