PT-2026-24565 · Adobe · Commerce

Michele Damico

Published: 2026-03-10 · Updated: 2026-03-11

CVE-2026-21359

CVSS v3.1: 4.7 (Medium)
Vector: AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L

Name of the Vulnerable Software and Affected Versions

Adobe Commerce versions 2.4.4-p16 and earlier
Adobe Commerce versions 2.4.5-p15
Adobe Commerce versions 2.4.6-p13
Adobe Commerce versions 2.4.7-p8
Adobe Commerce versions 2.4.8-p3
Adobe Commerce versions 2.4.9-alpha3

Description

The software contains an Incorrect Authorization issue that could lead to a Security feature bypass. An attacker could potentially bypass security measures, resulting in limited impact to data integrity and availability. Exploitation of this issue is conditional and does not require user interaction.

Recommendations

Update Adobe Commerce versions prior to 2.4.4-p16.
Update Adobe Commerce versions prior to 2.4.5-p15.
Update Adobe Commerce versions prior to 2.4.6-p13.
Update Adobe Commerce versions prior to 2.4.7-p8.
Update Adobe Commerce versions prior to 2.4.8-p3.
Update Adobe Commerce versions prior to 2.4.9-alpha3.

Fix

Incorrect Authorization

Weakness Enumeration

Related identifiers

BDU:2026-03230
CVE-2026-21359

Affected products

Commerce