CVE-2026-21360

Name of the Vulnerable Software and Affected Versions Adobe Commerce versions 2.4.4-p16 through 2.4.9-alpha3

Description The software contains an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') condition. This could allow a high-privileged attacker to bypass security features and access unauthorized files or directories outside the intended restricted path. Exploitation of this issue does not require user interaction.

Recommendations Adobe Commerce versions prior to 2.4.4-p16 should be updated.