Adobe Releases February 2026 Patches for Multiple Products

Adobe has released the February 2026 security updates patching vulnerabilities across multiple products. The updates address critical and important vulnerabilities affecting Adobe After Effects, Audition, InDesign, Lightroom Classic, Bridge, Substance 3D suite products, and the DNG Software Development Kit that could lead to arbitrary code execution, memory exposure, and application denial-of-service.

Adobe After Effects

Critical vulnerabilities

• CVE-2026-21318 (CVSS score 7.8) - Out-of-bounds Write vulnerability that could lead to arbitrary code execution.
• CVE-2026-21320 (CVSS score 7.8) - Use After Free vulnerability that could lead to arbitrary code execution.
• CVE-2026-21321 (CVSS score 7.8) - Integer Overflow or Wraparound vulnerability that could lead to arbitrary code execution.
• CVE-2026-21322 (CVSS score 7.8) - Out-of-bounds Read vulnerability that could lead to arbitrary code execution.
• CVE-2026-21323 (CVSS score 7.8) - Use After Free vulnerability that could lead to arbitrary code execution.
• CVE-2026-21324 (CVSS score 7.8) - Out-of-bounds Read vulnerability that could lead to arbitrary code execution.
• CVE-2026-21325 (CVSS score 7.8) - Out-of-bounds Read vulnerability that could lead to arbitrary code execution.
• CVE-2026-21326 (CVSS score 7.8) - Use After Free vulnerability that could lead to arbitrary code execution.
• CVE-2026-21327 (CVSS score 7.8) - Out-of-bounds Write vulnerability that could lead to arbitrary code execution.
• CVE-2026-21328 (CVSS score 7.8) - Out-of-bounds Write vulnerability that could lead to arbitrary code execution.
• CVE-2026-21329 (CVSS score 7.8) - Use After Free vulnerability that could lead to arbitrary code execution.
• CVE-2026-21330 (CVSS score 7.8) - Access of Resource Using Incompatible Type ('Type Confusion') vulnerability that could lead to arbitrary code execution.
• CVE-2026-21351 (CVSS score 7.8) - Use After Free vulnerability that could lead to arbitrary code execution.

Important vulnerabilities

• CVE-2026-21350 (CVSS score 5.5) - NULL Pointer Dereference vulnerability that could lead to application denial-of-service.
• CVE-2026-21319 (CVSS score 5.5) - Out-of-bounds Read vulnerability that could lead to memory exposure.

Affected Versions:

• Adobe After Effects - 25.6 and earlier versions (Windows and macOS)

Updated Versions:

• Adobe After Effects - 25.6.4 (Windows and macOS)
• Adobe After Effects - 26.0 (Windows and macOS)

Adobe Audition

Critical vulnerability

• CVE-2026-21312 (CVSS score 7.8) - Out-of-bounds Write vulnerability that could lead to arbitrary code execution.

Important vulnerabilities

• CVE-2026-21313 (CVSS score 5.5) - Out-of-bounds Read vulnerability that could lead to memory exposure.
• CVE-2026-21314 (CVSS score 5.5) - Out-of-bounds Read vulnerability that could lead to memory exposure.
• CVE-2026-21315 (CVSS score 5.5) - Out-of-bounds Read vulnerability that could lead to memory exposure.
• CVE-2026-21316 (CVSS score 5.5) - Access of Memory Location After End of Buffer vulnerability that could lead to application denial-of-service.
• CVE-2026-21317 (CVSS score 5.5) - Out-of-bounds Read vulnerability that could lead to memory exposure.

Affected Versions:

• Adobe Audition - 25.3 and earlier versions (Windows and macOS)

Updated Versions:

• Adobe Audition - 25.6 (Windows and macOS)
• Adobe Audition - 26.0 (Windows and macOS)

Adobe InDesign

Critical vulnerability

• CVE-2026-21357 (CVSS score 7.8) - Heap-based Buffer Overflow vulnerability that could lead to arbitrary code execution.

Important vulnerabilities

• CVE-2026-21332 (CVSS score 5.5) - Out-of-bounds Read vulnerability that could lead to memory exposure.
• CVE-2026-21358 (CVSS score 5.5) - Heap-based Buffer Overflow vulnerability that could lead to application denial-of-service.

Affected Versions:

• Adobe InDesign - ID21.1 and earlier versions (Windows and macOS)
• Adobe InDesign - ID20.5.1 and earlier versions (Windows and macOS)

Updated Versions:

• Adobe InDesign - ID21.2 (Windows and macOS)
• Adobe InDesign - ID20.5.2 (Windows and macOS)

Adobe Lightroom Classic

Critical vulnerability

• CVE-2026-21349 (CVSS score 7.8) - Out-of-bounds Write vulnerability that could lead to arbitrary code execution.

Affected Versions:

• Lightroom Classic - 15.1 and earlier versions (Windows)

Updated Versions:

• Lightroom Classic - 15.1.1 (All platforms)
• Lightroom Classic - 14.5.2 LTS (All platforms)

Adobe Bridge

Critical vulnerabilities

• CVE-2026-21346 (CVSS score 7.8) - Out-of-bounds Write vulnerability that could lead to arbitrary code execution.
• CVE-2026-21347 (CVSS score 7.8) - Integer Overflow or Wraparound vulnerability that could lead to arbitrary code execution.

Affected Versions:

• Adobe Bridge - 15.1.3 (LTS) and earlier versions (Windows and macOS)
• Adobe Bridge - 16.0.1 and earlier versions (Windows and macOS)

Updated Versions:

• Adobe Bridge - 15.1.4 (LTS) (Windows and macOS)
• Adobe Bridge - 16.0.2 (Windows and macOS)

Adobe Substance 3D Designer

Critical vulnerabilities

• CVE-2026-21334 (CVSS score 7.8) - Out-of-bounds Write vulnerability that could lead to arbitrary code execution.
• CVE-2026-21335 (CVSS score 7.8) - Out-of-bounds Write vulnerability that could lead to arbitrary code execution.

Important vulnerabilities

• CVE-2026-21336 (CVSS score 5.5) - NULL Pointer Dereference vulnerability that could lead to application denial-of-service.
• CVE-2026-21337 (CVSS score 5.5) - Out-of-bounds Read vulnerability that could lead to memory exposure.
• CVE-2026-21338 (CVSS score 5.5) - NULL Pointer Dereference vulnerability that could lead to application denial-of-service.
• CVE-2026-21339 (CVSS score 5.5) - Out-of-bounds Read vulnerability that could lead to memory exposure.
• CVE-2026-21340 (CVSS score 5.5) - Out-of-bounds Read vulnerability that could lead to memory exposure.

Affected Versions:

• Adobe Substance 3D Designer - 15.1.0 and earlier versions (All platforms)

Updated Version:

• Adobe Substance 3D Designer - 15.1.2 (All platforms)

Adobe Substance 3D Stager

Critical vulnerabilities

• CVE-2026-21341 (CVSS score 7.8) - Out-of-bounds Write vulnerability that could lead to arbitrary code execution.
• CVE-2026-21342 (CVSS score 7.8) - Out-of-bounds Write vulnerability that could lead to arbitrary code execution.
• CVE-2026-21343 (CVSS score 7.8) - Out-of-bounds Read vulnerability that could lead to arbitrary code execution.
• CVE-2026-21344 (CVSS score 7.8) - Out-of-bounds Read vulnerability that could lead to arbitrary code execution.
• CVE-2026-21345 (CVSS score 7.8) - Out-of-bounds Read vulnerability that could lead to arbitrary code execution.

Affected Versions:

• Adobe Substance 3D Stager - 3.1.6 and earlier versions (Windows and macOS)

Updated Version:

• Adobe Substance 3D Stager - 3.1.7 (Windows and macOS)

Adobe Substance 3D Modeler

Important vulnerability

• CVE-2026-21348 (CVSS score 5.5) - Out-of-bounds Read vulnerability that could lead to memory exposure.

Affected Versions:

• Adobe Substance 3D Modeler - 1.22.5 and earlier versions (All platforms)

Updated Version:

• Adobe Substance 3D Modeler - 1.22.6 (All platforms)

Adobe DNG Software Development Kit (SDK)

Critical vulnerabilities

• CVE-2026-21352 (CVSS score 7.8) - Out-of-bounds Write vulnerability that could lead to arbitrary code execution.
• CVE-2026-21353 (CVSS score 7.8) - Integer Overflow or Wraparound vulnerability that could lead to arbitrary code execution.

Important vulnerabilities

• CVE-2026-21354 (CVSS score 5.5) - Integer Overflow or Wraparound vulnerability that could lead to application denial-of-service.
• CVE-2026-21355 (CVSS score 5.5) - Out-of-bounds Read vulnerability that could lead to memory exposure.

Affected Versions:

• Adobe DNG SDK - 1.7.1 build 2410 and earlier versions (All platforms)

Updated Version:

• Adobe DNG SDK - 1.7.2 build 2410 (All platforms)

Adobe claims that they are not aware of any exploits in the wild for any of the issues addressed in these updates. Users are strongly encouraged to update their software to the latest versions.