PT-2026-40398 · Adobe · Commerce

Miklos Zoltan · Published 2026-05-12 · Updated 2026-05-12 · CVE-2026-34653

CVSS v3.1: 8.7 (High)

Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Adobe Commerce versions prior to 2.4.9-beta1

Description

An improper limitation of a pathname to a restricted directory, known as path traversal, allows an authenticated attacker with administrative privileges to read and write arbitrary files outside the intended directory. This issue does not require user interaction.

Recommendations

Update to a version newer than 2.4.9-beta1.

Fix

Path traversal

Weakness Enumeration

Related Identifiers

BDU:2026-06644
CVE-2026-34653

Affected Products

Commerce