SecLens 情报中心

{
  "affected_products": [
    {
      "platform": "All",
      "product": "Adobe Format Plugins",
      "version": "1.1.2 and earlier versions"
    }
  ],
  "bulletin_id": "APSB26-65",
  "detail_url": "https://helpx.adobe.com/security/products/formatplugins/apsb26-65.html",
  "last_updated": "06/09/2026",
  "originally_posted": "06/09/2026",
  "priority": "3",
  "solution_paragraphs": [
    "Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version via the Creative Cloud desktop app's update mechanism. For more information, please reference this help page .",
    "For managed environments, IT administrators can use the Admin Console to deploy Creative Cloud applications to end users. Refer to this help page for more information."
  ],
  "solutions": [
    {
      "availability": "Download Center",
      "availability_url": null,
      "platform": "All",
      "priority": "3",
      "product": "Adobe Format Plugins",
      "version": "1.1.3"
    }
  ],
  "summary_paragraphs": [
    "Adobe has released an update for Adobe Format Plugins. This update addresses critical vulnerabilities that could lead to arbitrary code execution.",
    "Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates."
  ],
  "vulnerabilities": [
    {
      "CVE Numbers": "CVE-2026-48291",
      "CVSS base score": "7.8",
      "CVSS vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "Severity": "Critical",
      "Vulnerability Category": "Heap-based Buffer Overflow ( CWE-122 )",
      "Vulnerability Impact": "Arbitrary code execution"
    },
    {
      "CVE Numbers": "CVE-2026-48292",
      "CVSS base score": "7.8",
      "CVSS vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "Severity": "Critical",
      "Vulnerability Category": "Heap-based Buffer Overflow ( CWE-122 )",
      "Vulnerability Impact": "Arbitrary code execution"
    }
  ]
}

{
  "acknowledgments": [
    "Adobe would like to thank the following researchers for reporting these issues and for working with Adobe to help protect our customers:",
    "Seiji Sakurai (@HeapSmasher) working with TrendAI Zero Day Initiative - CVE-2026-47911",
    "Mark Vincent Yason (markyason.github.io) working with TrendAI Zero Day Initiative - CVE-2026-47912, CVE-2026-47913, CVE-2026-47923, CVE-2026-47924",
    "Brandon Evans of TrendAI Zero Day Initiative - CVE-2026-47915",
    "Tao Yan (@Ga1ois) and Edouard Bochin (@le_douds) of Palo Alto Networks - CVE-2026-47916",
    "Dongeui Ko (d0c70r) - CVE-2026-47925",
    "Yu Zhou and Yutao Wang of YunShangHuaAn (yutao_wang) - CVE-2026-47926, CVE-2026-47959",
    "Anonymous working with TrendAI Zero Day Initiative - CVE-2026-47914",
    "Anonymous working with TrendAI Zero Day Initiative - CVE-2026-47917",
    "Anonymous working with TrendAI Zero Day Initiative - CVE-2026-47918",
    "XP - CVE-2026-47920, CVE-2026-47921, CVE-2026-47961, CVE-2026-47955",
    "Anonymous - CVE-2026-47952",
    "Pedro J. Nunez-Cacho Fuentes (@tunelko) - CVE-2026-47937",
    "NoE9ybCAT (qtuvteqhlv) - CVE-2026-47965"
  ],
  "affected_paragraphs": [
    "For questions regarding Adobe Acrobat, please visit the Adobe Acrobat FAQ page.",
    "For questions regarding Acrobat Reader, please visit the Acrobat Reader FAQ page ."
  ],
  "bulletin_id": "APSB26-63",
  "detail_url": "https://helpx.adobe.com/security/products/acrobat/apsb26-63.html",
  "last_updated": "06/15/2026",
  "originally_posted": "06/09/2026",
  "priority": "2",
  "solution_paragraphs": [
    "Adobe recommends users update their software installations to the latest versions by following the instructions below.",
    "The latest product versions are available to end users via one of the following methods:",
    "Users can update their product installations manually by choosing Help > Check for Updates.",
    "The products will update automatically, without requiring user intervention, when updates are detected.",
    "The full Acrobat Reader installer can be downloaded from the Acrobat Reader Download Center .",
    "For IT administrators (managed environments):",
    "Refer to the specific release note version for links to installers.",
    "Install updates via your preferred methodology, such as AIP-GPO, bootstrapper, SCUP/SCCM (Windows), or on macOS, Apple Remote Desktop and SSH.",
    "Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version:"
  ],
  "summary_paragraphs": [
    "Adobe has released a security update for Adobe Acrobat and Reader for Windows and macOS. This update addresses critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution, application denial-of-service, and memory exposure.",
    "Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates."
  ],
  "vulnerabilities": [
    {},
    {},
    {},
    {},
    {},
    {},
    {},
    {},
    {},
    {},
    {},
    {},
    {},
    {},
    {},
    {},
    {},
    {},
    {},
    {},
    {}
  ]
}

{
  "acknowledgments": [
    "Adobe would like to thank the following researcher for reporting these issues and for working with Adobe to help protect our customers:",
    "Sudhanshu Rajbhar (sudi) - CVE-2026-47907, CVE-2026-47910",
    "Kieran (kaiksi) - CVE-2026-47909",
    "mrhavit - CVE-2026-47906",
    "Francis Provencher (prl) - CVE-2026-47908",
    "NOTE: Adobe has a public bug bounty program with HackerOne. If you are interested in working with Adobe as an external security researcher, please check out https://hackerone.com/adobe",
    "For more information, visit https://helpx.adobe.com/security.html , or email [email protected]."
  ],
  "affected_products": [
    {
      "platform": "Windows and macOS",
      "product": "Adobe Dreamweaver",
      "version": "21.7 and earlier versions"
    }
  ],
  "bulletin_id": "APSB26-62",
  "detail_url": "https://helpx.adobe.com/security/products/dreamweaver/apsb26-62.html",
  "last_updated": "06/09/2026",
  "originally_posted": "06/09/2026",
  "priority": "3",
  "solution_paragraphs": [
    "Adobe categorizes this update with the following priority rating and recommends users to use latest builds for new installation via the Creative Cloud desktop app updater, or by navigating to the Dreamweaver Help menu and clicking \"Updates.\" For more information, please reference this help page .",
    "Note: For managed environments, IT administrators can use the Creative Cloud Packager to create deployment packages. Refer to this help page for more information on the Creative Cloud Packager."
  ],
  "summary_paragraphs": [
    "Adobe has released a security update for Adobe Dreamweaver. This update resolves critical and important vulnerabilities that could lead to arbitrary code execution, memory exposure, and arbitrary file system read.",
    "Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates."
  ],
  "vulnerabilities": [
    {},
    {},
    {},
    {},
    {}
  ]
}

{
  "affected_products": [
    {
      "platform": "All",
      "product": "Adobe Substance 3D Sampler",
      "version": "6.0.0 and earlier versions"
    }
  ],
  "bulletin_id": "APSB26-60",
  "detail_url": "https://helpx.adobe.com/security/products/substance3d-sampler/apsb26-60.html",
  "last_updated": "06/09/2026",
  "originally_posted": "06/09/2026",
  "priority": "3",
  "solution_paragraphs": [
    "Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version via the Creative Cloud desktop app's update mechanism. For more information, please reference this help page .",
    "For managed environments, IT administrators can use the Admin Console to deploy Creative Cloud applications to end users. Refer to this help page for more information."
  ],
  "solutions": [
    {
      "availability": "Release Notes",
      "availability_url": "https://experienceleague.adobe.com/en/docs/substance-3d-sampler/using/release-notes/all-changes",
      "platform": "All",
      "priority": "3",
      "product": "Adobe Substance 3D Sampler",
      "version": "6.0.1"
    }
  ],
  "summary_paragraphs": [
    "Adobe has released an update for Adobe Substance 3D Sampler. This update addresses critical vulnerabilities in Adobe Substance 3D Sampler. Successful exploitation could lead to arbitrary code execution.",
    "Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates."
  ],
  "vulnerabilities": [
    {},
    {},
    {},
    {}
  ]
}

{
  "acknowledgments": [
    "Adobe would like to thank the following researchers for reporting this issue and for working with Adobe to help protect our customers.",
    "jony_juice -- CVE-2026-34706, CVE-2026-34707, CVE-2026-34708",
    "NOTE: Adobe has a public bug bounty program with HackerOne. If you are interested in working with Adobe as an external security researcher, please check out https://hackerone.com/adobe",
    "-------------------------------------------------------------------------------------------------------------------------------------------------",
    "For more information, visit https://helpx.adobe.com/security.html , or email [email protected]"
  ],
  "affected_products": [
    {
      "platform": "Windows and macOS",
      "product": "Adobe InCopy",
      "version": "21.3 and earlier versions"
    },
    {
      "platform": "Windows and macOS",
      "product": "Adobe InCopy",
      "version": "20.5.3 and earlier versions"
    }
  ],
  "bulletin_id": "APSB26-59",
  "detail_url": "https://helpx.adobe.com/security/products/incopy/apsb26-59.html",
  "last_updated": "06/09/2026",
  "originally_posted": "06/09/2026",
  "priority": "3",
  "solution_paragraphs": [
    "Adobe categorizes these updates with the following priority rating and recommends users update their software installations via the Creative Cloud desktop app updater, or by navigating to the InCopy Help menu and clicking \"Updates.\" For more information, please reference this help page.",
    "For managed environments, IT administrators can use the Creative Cloud Packager to create deployment packages. Refer to this help page for more information."
  ],
  "summary_paragraphs": [
    "Adobe has released a security update for Adobe InCopy. This update addresses critical vulnerabilities that could lead to arbitrary code execution.",
    "Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates."
  ],
  "vulnerabilities": [
    {},
    {},
    {}
  ]
}

{
  "acknowledgments": [
    "Adobe would like to thank the following researchers for reporting these issues and for working with Adobe to help protect our customers:",
    "Francis Provencher (prl) -- CVE-2026-34695, CVE-2026-34696, CVE-2026-34697, CVE-2026-34698, CVE-2026-34701, CVE-2026-34703, CVE-2026-34704, CVE-2026-34705",
    "jony_juice -- CVE-2026-34699, CVE-2026-34702, CVE-2026-48293",
    "NOTE: Adobe has a public bug bounty program with HackerOne. If you are interested in working with Adobe as an external security researcher, please check out https://hackerone.com/adobe",
    "For more information, visit https://helpx.adobe.com/security.html , or email [email protected]"
  ],
  "affected_products": [
    {
      "platform": "Windows and macOS",
      "product": "Adobe InDesign",
      "version": "ID21.3 and earlier versions"
    },
    {
      "platform": "Windows and macOS",
      "product": "Adobe InDesign",
      "version": "ID20.5.3 and earlier versions"
    }
  ],
  "bulletin_id": "APSB26-58",
  "detail_url": "https://helpx.adobe.com/security/products/indesign/apsb26-58.html",
  "last_updated": "06/09/2026",
  "originally_posted": "06/09/2026",
  "priority": "3",
  "solution_paragraphs": [
    "Adobe categorizes these updates with the following priority rating and recommends users update their software installations via the Creative Cloud desktop app updater, or by navigating to the InDesign Help menu and clicking \"Updates.\" For more information, please reference this help page .",
    "For managed environments, IT administrators can use the Creative Cloud Packager to create deployment packages. Refer to this help page for more information."
  ],
  "summary_paragraphs": [
    "Adobe has released a security update for Adobe InDesign. This update addresses critical and important vulnerabilities that could lead to arbitrary code execution, application denial-of-service, and memory exposure.",
    "Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates."
  ],
  "vulnerabilities": [
    {},
    {},
    {},
    {},
    {},
    {},
    {},
    {},
    {},
    {},
    {},
    {}
  ]
}

{
  "affected_products": [
    {
      "platform": "Windows, macOS, Linux, iOS, Android",
      "product": "Adobe Experience Manager 6.5 LTS",
      "version": "SP1 and earlier"
    },
    {
      "platform": "Windows, macOS, Linux, iOS, Android",
      "product": "Adobe Experience Manager 6.5",
      "version": "6.5.24.0 and earlier"
    }
  ],
  "bulletin_id": "APSB26-57",
  "detail_url": "https://helpx.adobe.com/security/products/aem-forms/apsb26-57.html",
  "last_updated": "06/09/2026",
  "originally_posted": "06/09/2026",
  "priority": "2",
  "solution_paragraphs": [
    "Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version:",
    "Please contact Adobe customer care for assistance with AEM versions 6.4, 6.3 and 6.2."
  ],
  "solutions": [
    {
      "availability": "Update instructions",
      "availability_url": "https://experienceleague.adobe.com/en/docs/experience-manager-65/content/release-notes/aem-forms-current-service-pack-installation-instructions",
      "platform": "All",
      "priority": "2",
      "product": "Adobe Experience Manager 6.5 LTS",
      "version": "SP2"
    },
    {
      "availability": "Update instructions",
      "availability_url": "https://experienceleague.adobe.com/en/docs/experience-manager-65/content/release-notes/aem-forms-current-service-pack-installation-instructions",
      "platform": "All",
      "priority": "2",
      "product": "Adobe Experience Manager 6.5",
      "version": "6.5.25.0"
    }
  ],
  "summary_paragraphs": [
    "Adobe has released a security update for Adobe Experience Manager Forms on Java Enterprise Edition (JEE). This update addresses critical and important vulnerabilities that could lead to arbitrary code execution.",
    "Adobe is not aware of these issues being exploited in the wild."
  ],
  "vulnerabilities": [
    {},
    {},
    {}
  ]
}

{
  "acknowledgments": [
    "Adobe would like to thank the following for reporting these issues and for working with Adobe to help protect our customers:",
    "green-jam: CVE-2026-47936, CVE-2026-47941, CVE-2026-47943, CVE-2026-47944, CVE-2026-47945, CVE-2026-47946, CVE-2026-47947, CVE-2026-47948, CVE-2026-47949, CVE-2026-47950, CVE-2026-47951, CVE-2026-47953, CVE-2026-47954, CVE-2026-47956, CVE-2026-47957, CVE-2026-47958, CVE-2026-47962, CVE-2026-47966, CVE-2026-47970, CVE-2026-47972, CVE-2026-47981, CVE-2026-47982, CVE-2026-47983, CVE-2026-47985, CVE-2026-47986, CVE-2026-47987, CVE-2026-47989, CVE-2026-47993, CVE-2026-34692, CVE-2026-48250, CVE-2026-48251, CVE-2026-48256, CVE-2026-48258, CVE-2026-48264, CVE-2026-48265, CVE-2026-48266, CVE-2026-48268, CVE-2026-48271, CVE-2026-48280, CVE-2026-48297",
    "anonymous_blackzero : CVE-2026-47939, CVE-2026-47973, CVE-2026-47974, CVE-2026-47975, CVE-2026-47977, CVE-2026-47978, CVE-2026-47980, CVE-2026-48288, CVE-2026-48289, CVE-2026-48299, CVE-2026-48300, CVE-2026-48301, CVE-2026-48304",
    "lpi: CVE-2026-47935, CVE-2026-47942",
    "Marco Ventura, Claudia Bartolini and Massimiliano Brolli of TIM Security Red Team Research - TIM S.p.A : CVE-2026-47990",
    "NOTE: Adobe has a public bug bounty program with HackerOne. If you are interested in working with Adobe as an external security researcher, please check out https://hackerone.com/adobe"
  ],
  "affected_products": [
    {
      "platform": "All",
      "product": "Adobe Experience Manager (AEM)",
      "version": "AEM Cloud Service (CS)"
    }
  ],
  "bulletin_id": "APSB26-56",
  "detail_url": "https://helpx.adobe.com/security/products/experience-manager/apsb26-56.html",
  "last_updated": "06/09/2026",
  "originally_posted": "06/09/2026",
  "priority": "3",
  "solution_paragraphs": [
    "Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version:",
    "Customers running on Adobe Experience Manager’s Cloud Service will automatically receive updates that include new features as well as security and functionality bug fixes.",
    "Experience Manager Security Considerations:",
    "AEM as a Cloud Service Security Considerations Anonymous Permission Hardening Package",
    "Please contact Adobe customer care for assistance with AEM versions 6.4, 6.3 and 6.2."
  ],
  "solutions": [
    {
      "availability": "Release Notes",
      "availability_url": "https://experienceleague.adobe.com/en/docs/experience-manager-cloud-service/content/release-notes/release-notes/release-notes-current",
      "platform": "All",
      "priority": "3",
      "product": "Adobe Experience Manager (AEM)",
      "version": "AEM Cloud Service (CS) Release 2026.05"
    },
    {
      "availability": "Release Notes",
      "availability_url": "https://experienceleague.adobe.com/en/docs/experience-manager-65-lts/content/release-notes/release-notes",
      "platform": "All",
      "priority": "3",
      "product": "Adobe Experience Manager (AEM)",
      "version": "6.5 LTS Service Pack 2"
    },
    {
      "availability": "Release Notes",
      "availability_url": "https://experienceleague.adobe.com/en/docs/experience-manager-65/content/release-notes/release-notes",
      "platform": "All",
      "priority": "3",
      "product": "Adobe Experience Manager (AEM)",
      "version": "6.5 Service Pack 25"
    }
  ],
  "summary_paragraphs": [
    "Adobe has released updates for Adobe Experience Manager (AEM). This update resolves vulnerabilities rated important and moderate . Successful exploitation of these vulnerabilities could result in arbitrary code execution and security feature bypass.",
    "Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates."
  ],
  "vulnerabilities": [
    {},
    {},
    {},
    {},
    {},
    {},
    {},
    {},
    {},
    {},
    {},
    {},
    {},
    {},
    {},
    {},
    {},
    {},
    {},
    {},
    {},
    {},
    {},
    {},
    {},
    {},
    {},
    {},
    {},
    {},
    {},
    {},
    {},
    {},
    {},
    {},
    {},
    {},
    {},
    {},
    {},
    {},
    {},
    {},
    {},
    {},
    {},
    {},
    {},
    {},
    {},
    {},
    {},
    {},
    {},
    {},
    {}
  ],
  "vulnerability_paragraphs": [
    "If a customer is using Apache httpd in a proxy with a non-default configuration, they may be impacted by CVE-2023-25690 - please read more here: https://httpd.apache.org/security/vulnerabilities_24.html"
  ]
}