FAIL › dossier
FedRAMP provider · · dossier confidence 40%
Adobe Inc. is a public technology company focused on digital media and content creation tools. Security posture is high-risk due to multiple critical RCE vulnerabilities in ColdFusion and Acrobat products, with recent CVEs added to CISA KEV in 2026.
High-risk vendor with a history of critical RCE vulnerabilities in Adobe ColdFusion and Acrobat products, including multiple CVEs added to CISA KEV in 2026.
| Date | Event | Sev | Flags | Shame | Summary |
|---|---|---|---|---|---|
| 2026-04-13 | CVE-2020-9715 | high | ⚡RCE ◐0day ⌖KEV | 85 | Adobe Acrobat use-after-free vulnerability (CVE-2020-9715) enables remote code execution and was actively exploited in the wild. |
| 2026-04-13 | CVE-2026-34621 | high | ⚡RCE ⌖KEV | 85 | Adobe Acrobat and Reader are actively exploited for arbitrary code execution via prototype pollution. |
| 2026-07-07 | CVE-2026-48282 | high | ⚡RCE ⌖KEV | 65 | Adobe ColdFusion allows arbitrary code execution via path traversal, enabling attackers to run commands as the current user. |
| 2026-05-20 | CVE-2009-3459 | high | ⚡RCE ⌖KEV | 65 | Adobe Acrobat and Reader exploited a heap-based buffer overflow vulnerability allowing remote code execution via crafted PDF files. |
| Product | Status | Impact |
|---|---|---|
| Adobe Acrobat Sign for Government | Authorized | Moderate |
| Adobe Analytics | Authorized | LI-SaaS |
| Adobe Campaign | Authorized | LI-SaaS |
| Adobe Connect Managed Services (ACMS-GC) | Authorized | Moderate |
| Adobe Creative Cloud for Enterprise | Authorized | LI-SaaS |
| Adobe Document Cloud (PDF Services & Adobe Sign) | Authorized | LI-SaaS |
| Adobe Experience Manager Managed Services (AEMMS-GC) | Authorized | Moderate |
| Adobe Learning Manager | Authorized | LI-SaaS |
Open questions: Adobe's remediation timeline for CVE-2026-48282 · Impact of CVE-2026-34621 on enterprise deployments