Adobe · Magento-Lts · CVE-2026-25523
**Name of the Vulnerable Software and Affected Versions**
Magento-lts versions prior to 20.16.1
**Description**
Magento-lts is a long-term support alternative to Magento Community Edition (CE). Prior to version 20.16.1, the admin URL can be discovered without prior knowledge of its location by exploiting the `X-Original-Url` header in certain configurations.
**Recommendations**
Update to version 20.16.1 or later.