CVE-2026-21295

CWE-601Open Redirect4 documents4 sources
Severity
3.1LOW
EPSS
0.0%
top 85.38%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Adobe CommerceAdobe Commerce B2BAdobe Magento+1 more
Timeline
PublishedMar 11

Description

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. An attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 1.6 | Impact: 1.4

Affected Packages4 packages

NVDadobe/commerce< 2.4.4+6
NVDadobe/commerce_b2b< 1.3.3+6
CVEListV5adobe/adobe_commerce2.4.4-p16
NVDadobe/magento< 2.4.5+5

🔴Vulnerability Details

2
CVEList
Adobe Commerce | URL Redirection to Untrusted Site ('Open Redirect') (CWE-601)2026-03-11
GHSA
GHSA-3wrj-cc82-vwx4: Adobe Commerce versions 22026-03-11

🕵️Threat Intelligence

1
Wiz
CVE-2026-21295 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-21295 (LOW CVSS 3.1) | Adobe Commerce versions 2.4.9-alpha | cvebase.io