Adobe Releases 44 Security Fixes, 27 Critical
Adobe's February 2026 Patch Tuesday addresses 44 vulnerabilities across nine product advisories, with no evidence of active exploitation.
Adobe published nine security advisories on February 11, 2026, addressing 44 vulnerabilities discovered by researchers across its product portfolio. The company classified 27 of these flaws as critical, requiring immediate attention from administrators.
Affected Products
The security updates cover Audition, After Effects, InDesign Desktop, Substance 3D Designer, Substance 3D Stager, Substance 3D Modeler, Bridge, Lightroom Classic, and the DNG SDK. Successful exploitation could lead to arbitrary code execution, memory exposure, and application denial-of-service.
No Active Exploits Detected
Adobe confirmed it is not aware of any in-the-wild exploitation of the patched vulnerabilities. Despite the absence of active threats, the criticality and potential impact of these flaws warrant immediate patching, particularly for the arbitrary code execution vulnerabilities.
Coordinated Patch Tuesday
Adobe's updates arrived alongside February 2026 Patch Tuesday releases from Microsoft, SAP, and Intel, part of the monthly coordinated security update cycle. Organizations should prioritize deploying these patches to mitigate risk, especially for internet-facing Creative Cloud deployments.
Related Articles
Cloudflare 2026 Threat Report: 230 Billion Daily Blocked Threats and the Rise of Credential Attacks
Cloudflare has published its inaugural annual threat report revealing the company blocks over 230 billion threats daily across 20% of global web traffic. DDoS attacks doubled year-over-year to 47.1 million incidents, with the largest reaching a record 31.4 Tbps, while bots now account for 94% of all login attempts.
HashiCorp Patches Consul Arbitrary File Read Vulnerability in Kubernetes Auth
HashiCorp has released emergency patches for Consul to address CVE-2026-2808, a medium-severity vulnerability allowing arbitrary file reads when Kubernetes authentication is enabled. The fix also adds HTTP server timeouts to prevent Slowloris denial-of-service attacks against Consul agent endpoints.
Let's Encrypt Now Issues Six-Day Certificates and IP Address Certificates via Certbot
Let's Encrypt and the EFF have announced support for six-day (160-hour) certificates and IP address certificates through Certbot 5.3 and 5.4. The ultra-short-lived certificates reduce the impact window of compromised keys by design, while IP address certificates enable HTTPS for services identified by address rather than hostname.