COOEY // HUBcompliance · community · intelligence

FAIL › dossier

Adobe company FedRAMP market

FedRAMP provider · · dossier confidence 40%

Adobe Inc. is a public technology company focused on digital media and content creation tools. Security posture is high-risk due to multiple critical RCE vulnerabilities in ColdFusion and Acrobat products, with recent CVEs added to CISA KEV in 2026.

4
failure events
1
zero-days
4
RCEs
4
on KEV
0
critical
85
worst shame

Profile

Category
Software Vendor
What they do
Adobe Inc. operates as a technology company worldwide, offering products and services that enable individuals, teams, and enterprises to create, publish, and promote content.
Ownership
Public
Website
https://stockanalysis.com/stocks/adbe/company/

Security posture

High-risk vendor with a history of critical RCE vulnerabilities in Adobe ColdFusion and Acrobat products, including multiple CVEs added to CISA KEV in 2026.

Notable failures
  • CVE-2026-48282: Adobe ColdFusion path traversal RCE
  • CVE-2026-34621: Adobe Acrobat prototype pollution RCE
  • CVE-2020-9715: Adobe Acrobat use-after-free RCE
  • CVE-2009-3459: Adobe Acrobat heap-based buffer overflow RCE
Patterns
Repeated high-severity RCE in Adobe ColdFusion and Acrobat; Active exploitation of Adobe ColdFusion vulnerabilities

Failure history 4 events

DateEventSevFlagsShameSummary
2026-04-13 CVE-2020-9715 high ⚡RCE ◐0day ⌖KEV 85 Adobe Acrobat use-after-free vulnerability (CVE-2020-9715) enables remote code execution and was actively exploited in the wild.
2026-04-13 CVE-2026-34621 high ⚡RCE ⌖KEV 85 Adobe Acrobat and Reader are actively exploited for arbitrary code execution via prototype pollution.
2026-07-07 CVE-2026-48282 high ⚡RCE ⌖KEV 65 Adobe ColdFusion allows arbitrary code execution via path traversal, enabling attackers to run commands as the current user.
2026-05-20 CVE-2009-3459 high ⚡RCE ⌖KEV 65 Adobe Acrobat and Reader exploited a heap-based buffer overflow vulnerability allowing remote code execution via crafted PDF files.

FedRAMP catalog products 8

ProductStatusImpact
Adobe Acrobat Sign for Government Authorized Moderate
Adobe Analytics Authorized LI-SaaS
Adobe Campaign Authorized LI-SaaS
Adobe Connect Managed Services (ACMS-GC) Authorized Moderate
Adobe Creative Cloud for Enterprise Authorized LI-SaaS
Adobe Document Cloud (PDF Services & Adobe Sign) Authorized LI-SaaS
Adobe Experience Manager Managed Services (AEMMS-GC) Authorized Moderate
Adobe Learning Manager Authorized LI-SaaS

Dossier sources

Open questions: Adobe's remediation timeline for CVE-2026-48282 · Impact of CVE-2026-34621 on enterprise deployments