PT-2026-24552 · Adobe · Commerce
Michele Damico · Published 2026-03-10 · Updated 2026-03-11
CVE-2026-21286
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Adobe Commerce versions 2.4.4 through 2.4.9-alpha3
Description
Adobe Commerce is affected by an Incorrect Authorization issue that may allow a security feature bypass. An attacker could exploit this to gain limited unauthorized view access to data without requiring user interaction.
Recommendations
Adobe Commerce versions prior to 2.4.4 should be updated.
Adobe Commerce version 2.4.4-p16 should be updated.
Adobe Commerce version 2.4.5-p15 should be updated.
Adobe Commerce version 2.4.6-p13 should be updated.
Adobe Commerce version 2.4.7-p8 should be updated.
Adobe Commerce version 2.4.8-p3 should be updated.
Adobe Commerce version 2.4.9-alpha3 should be updated.
Fix
Incorrect Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Commerce