
=====================================================================

                            CERT-Renater

                Information Note No. 2026/VULN040
_____________________________________________________________________

DATE                : 15/01/2026

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Adobe Illustrator versions prior to
                              2025 29.8.4, 2026 30.1.

=====================================================================
https://helpx.adobe.com/security/products/illustrator/apsb26-03.html
_____________________________________________________________________


Last updated on Jan 13, 2026

Security Updates Available for Adobe Illustrator | APSB26-03

Bulletin ID         Date Published          Priority

APSB26-03           January 13, 2026        3


Summary

Adobe has released an update for Adobe Illustrator. This 
update resolves critical and important vulnerabilities that could lead 
to arbitrary code execution or application denial-of-service.

Adobe is not aware of any exploits in the wild for any of the issues 
addressed in these updates.


Affected Versions

Product             Version                         Platform

Illustrator 2025    29.8.3 and earlier             Windows

Illustrator 2026    30.0 and earlier               Windows


Solution

Adobe categorizes these updates with the following priority
ratings and recommends users update their installation to the
newest version via the Creative Cloud desktop app's update mechanism.
For more information, please reference this help page.

Product            Version            Platform            Priority   Availability

Illustrator 2025   29.8.4 and above   Windows and macOS   3          Download Page

Illustrator 2026   30.1 and above     Windows and macOS   3          Download Page
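
An added example (not part of the Adobe bulletin or the CERT-Renater note): a Python triage of a software inventory against the fixed versions listed above. The CSV layout, host names and status labels are constructed for illustration; any version below the fixed release on a listed branch is treated as needing the update, and other major versions are reported as not covered by this bulletin.

```python
import csv
import io

# Fixed versions from APSB26-03, keyed by major version
# (Illustrator 2025 = 29.x, Illustrator 2026 = 30.x).
FIXED = {29: (29, 8, 4), 30: (30, 1)}


def parse_version(text):
    """Return the version as a tuple of ints, or None if it is not dotted-numeric."""
    parts = text.strip().split(".")
    if not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def classify(version_text):
    """Classify one installed version against the bulletin's fixed versions."""
    version = parse_version(version_text)
    if version is None:
        return "unparseable"      # needs manual review, never silently "fixed"
    fixed = FIXED.get(version[0])
    if fixed is None:
        return "not-covered"      # branch is not listed in this bulletin
    # Pad to equal length so that 30.1 and 30.1.0 compare as equal.
    width = max(len(version), len(fixed))
    padded_version = version + (0,) * (width - len(version))
    padded_fixed = fixed + (0,) * (width - len(fixed))
    return "update-required" if padded_version < padded_fixed else "fixed"


def triage(inventory_csv):
    """Return (host, version, status) for each row of a host,version CSV."""
    reader = csv.DictReader(io.StringIO(inventory_csv))
    return [(r["host"], r["version"], classify(r["version"])) for r in reader]


# Constructed sample inventory (hypothetical hosts).
SAMPLE = """host,version
design-01,29.8.3
design-02,29.8.4
design-03,30.0
design-04,30.1.0
design-05,28.7.1
design-06,unknown
"""

if __name__ == "__main__":
    for host, version, status in triage(SAMPLE):
        print(f"{host:<10} {version:<8} {status}")
```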


Vulnerability Details

Vulnerability Category : Untrusted Search Path (CWE-426)
Vulnerability Impact   : Arbitrary code execution
Severity               : Critical
CVSS base score        : 8.6
CVSS vector            : CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE Number             : CVE-2026-21280

Vulnerability Category : NULL Pointer Dereference (CWE-476)
Vulnerability Impact   : Application denial-of-service
Severity               : Important
CVSS base score        : 5.5
CVSS vector            : CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE Number             : CVE-2026-21288


Acknowledgments

Adobe would like to thank the following researchers for
reporting these issues and for working with Adobe to
help protect our customers:

    jony_juice -- CVE-2026-21280
    Francis Provencher (prl)  -- CVE-2026-21288

NOTE: Adobe has a public bug bounty program with HackerOne. If you are 
interested in working with Adobe as an external security researcher, 
please check out https://hackerone.com/adobe. 

For more information, visit https://helpx.adobe.com/security.html, or 
email PSIRT@adobe.com. 


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================




