PT-2026-24565 · Adobe · Commerce

Michele Damico · Published 2026-03-10 · Updated 2026-03-11 · CVE-2026-21359

CVSS v3.1: 4.7 (Medium)

Vector: AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L

Name of the Vulnerable Software and Affected Versions

Adobe Commerce versions 2.4.4-p16 and earlier
Adobe Commerce versions 2.4.5-p15
Adobe Commerce versions 2.4.6-p13
Adobe Commerce versions 2.4.7-p8
Adobe Commerce versions 2.4.8-p3
Adobe Commerce versions 2.4.9-alpha3

Description

The software contains an Incorrect Authorization issue that could lead to a Security feature bypass. An attacker could potentially bypass security measures, resulting in limited impact to data integrity and availability. Exploitation of this issue is conditional and does not require user interaction.

Recommendations

Update Adobe Commerce versions prior to 2.4.4-p16.
Update Adobe Commerce versions prior to 2.4.5-p15.
Update Adobe Commerce versions prior to 2.4.6-p13.
Update Adobe Commerce versions prior to 2.4.7-p8.
Update Adobe Commerce versions prior to 2.4.8-p3.
Update Adobe Commerce versions prior to 2.4.9-alpha3.

Fix

Incorrect Authorization

Weakness Enumeration

Related Identifiers

BDU:2026-03230
CVE-2026-21359

Affected Products

Commerce