PT-2026-24557 · Adobe · Commerce
Michele +1 · Published 2026-03-10 · Updated 2026-03-11
CVE-2026-21293
CVSS v2.0: 5.5 (Medium)
| Vector | AV:N/AC:L/Au:S/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Adobe Commerce versions 2.4.4-p16 and earlier
Adobe Commerce versions 2.4.5-p15
Adobe Commerce versions 2.4.6-p13
Adobe Commerce versions 2.4.7-p8
Adobe Commerce versions 2.4.8-p3
Adobe Commerce versions 2.4.9-alpha3
Description
The software is affected by a Server-Side Request Forgery (SSRF) issue that could lead to a security feature bypass. A high-privileged attacker could exploit this to manipulate server-side requests and access unauthorized resources. Exploitation does not require user interaction.
Recommendations
Update Adobe Commerce to a version later than 2.4.4-p16.
Update Adobe Commerce to a version later than 2.4.5-p15.
Update Adobe Commerce to a version later than 2.4.6-p13.
Update Adobe Commerce to a version later than 2.4.7-p8.
Update Adobe Commerce to a version later than 2.4.8-p3.
Update Adobe Commerce to a version later than 2.4.9-alpha3.
Fix
SSRF
Weakness Enumeration
Related Identifiers
Affected Products
Commerce