CVE-2026-21282Improper Input Validation in Adobe Commerce

CWE-20Improper Input Validation4 documents4 sources
Severity
5.3MEDIUMNVD
EPSS
0.3%
top 48.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Adobe CommerceAdobe Commerce B2BAdobe Magento+1 more
Timeline
PublishedMar 11

Description

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Improper Input Validation vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability by providing specially crafted input, causing limited impact to application availability. Exploitation of this issue does not require user interaction.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages4 packages

NVDadobe/commerce< 2.4.4+6
NVDadobe/commerce_b2b< 1.3.3+6
CVEListV5adobe/adobe_commerce2.4.4-p16
NVDadobe/magento< 2.4.5+5

🔴Vulnerability Details

2
CVEList
Adobe Commerce | Improper Input Validation (CWE-20)2026-03-11
GHSA
GHSA-93vq-4p5q-cvfx: Adobe Commerce versions 22026-03-11

🕵️Threat Intelligence

1
Wiz
CVE-2026-21282 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-21282 — Improper Input Validation in Adobe | cvebase