CVE-2023-26367

Name of the Vulnerable Software and Affected Versions Adobe Commerce versions 2.4.7-beta1 and earlier Adobe Commerce versions 2.4.6-p2 and earlier Adobe Commerce versions 2.4.5-p4 and earlier Adobe Commerce versions 2.4.4-p5 and earlier

Description The issue is related to an Improper Input Validation vulnerability that could lead to arbitrary file system read by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction. This vulnerability is associated with insufficient protection of service data, which may allow a remote attacker to gain unauthorized access to protected information or cause a denial of service.

Recommendations For Adobe Commerce versions 2.4.7-beta1 and earlier, update to a version that fixes the Improper Input Validation vulnerability. For Adobe Commerce versions 2.4.6-p2 and earlier, update to a version that fixes the Improper Input Validation vulnerability. For Adobe Commerce versions 2.4.5-p4 and earlier, update to a version that fixes the Improper Input Validation vulnerability. For Adobe Commerce versions 2.4.4-p5 and earlier, update to a version that fixes the Improper Input Validation vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.