.

Adobe Security Bulletin

Last updated on May 12, 2026

Security Updates Available for Adobe Illustrator | APSB26-51

Bulletin ID
Date Published
Priority
APSB26-51
May 12, 2026
3

Summary

Adobe has released an update for Adobe Illustrator. This update resolves critical and important vulnerabilities that could lead to arbitrary code execution, application denial-of-service, and memory exposure.

Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates.

Affected Versions

Product
Version
Platform
Illustrator 2025
29.8.6 and earlier
Windows
Illustrator 2026
30.3 and earlier
Windows

Solution

Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version via the Creative Cloud desktop app's update mechanism. For more information, please reference this help page.

Product
Version
Platform
Priority
Availability
Illustrator 2025
29.8.7
Windows and macOS
3
Illustrator 2026
30.4
Windows and macOS
3

Vulnerability Details

Vulnerability Category
Vulnerability Impact
Severity
CVSS base score
CVE Numbers
Out-of-bounds Write (CWE-787)
Arbitrary code execution
Critical
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-34661
NULL Pointer Dereference (CWE-476)
Application denial-of-service
Important
5.5
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
CVE-2026-34662
Out-of-bounds Read (CWE-125)
Memory exposure
Important
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2026-34663
Heap-based Buffer Overflow (CWE-122)
Arbitrary code execution
Critical
7.8
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2026-34687

Acknowledgments

Adobe would like to thank the following researcher for reporting these issues and for working with Adobe to help protect our customers:

  • Francis Provencher (prl) -- CVE-2026-34661, CVE-2026-34662, CVE-2026-34663, CVE-2026-34687

NOTE: Adobe has a public bug bounty program with HackerOne. If you are interested in working with Adobe as an external security researcher, please check out https://hackerone.com/adobe.

For more information, visit https://helpx.adobe.com/security.html, or email PSIRT@adobe.com.