Adobe Security Bulletin

Security update available for Adobe Creative Cloud Desktop Application | APSB26-77

Bulletin ID

Date Published

Priority

APSB26-77

July 14, 2026

3

Summary

Adobe has released an update for the Creative Cloud Desktop for Windows.  This update includes a fix for critical vulnerabilities that could lead to arbitrary code execution in the context of the current user.   

Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates.

Affected Versions

Product

Affected version

Platform

Creative Cloud Desktop Application 

6.9.1.1 and earlier versions

Windows

Solution

Adobe categorizes this update with the following priority rating and recommends users update their installation to the newest version:

Product

Updated version

Platform

Priority rating

Availability

Creative Cloud Desktop Application

6.10.0.252.3

Windows

3

Vulnerability Details

Vulnerability Category Vulnerability Impact Severity CVSS base score CVSS vector CVE Number
Uncontrolled Search Path Element (CWE-427) Privilege escalation Critical 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2026-48272
Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367) Privilege escalation Critical  7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2026-48344

Acknowledgments:

Adobe would like to thank the following for reporting the relevant issues and for working with Adobe to help protect our customers:

  • Brandon Evans of TrendAI Zero Day Initiative - CVE-2026-48272, CVE-2026-48344

NOTE: Adobe has a public bug bounty program with HackerOne. If you are interested in working with Adobe as an external security researcher, please check out https://hackerone.com/adobe.

For more information, visit https://helpx.adobe.com/security.html, or email PSIRT@adobe.com.


Adobe, Inc.

Get help faster and easier

New user?