The March 2026 Security Update Review

Adobe issued eight bulletins addressing 80 CVEs in products including Acrobat (two Critical fixes), Experience Manager (33 XSS fixes), Commerce (19 CVEs, mostly XSS), Illustrator, Substance 3D Painter/Stager (multiple Critical RCEs), DNG SDK, and Premiere Pro; Microsoft released 84 CVEs (94 counting third-party/Chromium) across Windows, Office, Edge, Azure, SQL Server and more, including eight Critical issues and notable entries such as CVE-2026-26144 (Excel XSS enabling potential Copilot data exfiltration), Office RCEs (CVE-2026-26110/26113), a Print Spooler RCE (CVE-2026-23669) and a Graphics elevation-of-privilege (CVE-2026-23668); none were reported as actively exploited at release, so organizations should prioritize deploying patches for the critical RCEs and high-impact issues.