PT-2026-24560 · Adobe · Commerce
Michele
+1
·
Publicado
2026-03-10
·
Atualizado
2026-03-11
·
CVE-2026-21296
CVSS v3.1
4.3
Média
| Vetor | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Adobe Commerce versions 2.4.4 through 2.4.9-alpha3
Description
Adobe Commerce is affected by an Incorrect Authorization issue that could lead to a Security feature bypass. A low-privileged attacker may be able to bypass security measures and gain limited unauthorized view access to data. Exploitation of this issue does not require user interaction.
Recommendations
Update Adobe Commerce to a version later than 2.4.9-alpha3.
Update Adobe Commerce to a version later than 2.4.8-p3.
Update Adobe Commerce to a version later than 2.4.7-p8.
Update Adobe Commerce to a version later than 2.4.6-p13.
Update Adobe Commerce to a version later than 2.4.5-p15.
Update Adobe Commerce to a version later than 2.4.4-p16.
Correção
Incorrect Authorization
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Commerce