PT-2026-6312 · Adobe · Magento-Lts
Anees Hyder
+1
·
Published
2026-02-02
·
Updated
2026-02-12
·
CVE-2026-25523
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Magento-lts versions prior to 20.16.1
Description
Magento-lts is a long-term support alternative to Magento Community Edition (CE). Prior to version 20.16.1, the admin URL can be discovered without prior knowledge of its location by exploiting the
X-Original-Url header in certain configurations.Recommendations
Update to version 20.16.1 or later.
Exploit
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Magento-Lts