PT-2026-24560 · Adobe · Commerce
Michele +1 · Published 2026-03-10 · Updated 2026-03-11 · CVE-2026-21296
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Adobe Commerce versions 2.4.4 through 2.4.9-alpha3
Description
Adobe Commerce is affected by an Incorrect Authorization issue that could lead to a Security feature bypass. A low-privileged attacker may be able to bypass security measures and gain limited unauthorized view access to data. Exploitation of this issue does not require user interaction.
Recommendations
Update Adobe Commerce to a version later than 2.4.9-alpha3.
Update Adobe Commerce to a version later than 2.4.8-p3.
Update Adobe Commerce to a version later than 2.4.7-p8.
Update Adobe Commerce to a version later than 2.4.6-p13.
Update Adobe Commerce to a version later than 2.4.5-p15.
Update Adobe Commerce to a version later than 2.4.4-p16.
Fix
Incorrect Authorization
Affected Products
Commerce