CVE-2026-21310: Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Improper Input Validation…

medium5.3CVSS 3.1

AVNACLPRNUINSUCNILAN

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass, with limited impact to integrity. Exploitation of this issue does not require user interaction.

Affected

21 ranges

Vendor	Product	Version range	Fixed in
adobe	adobe_commerce	<= 2.4.4-p16	—
adobe	commerce	< 2.4.4	2.4.4
adobe	commerce	—	—
adobe	commerce	—	—
adobe	commerce	—	—
adobe	commerce	—	—
adobe	commerce	—	—
adobe	commerce	—	—
adobe	commerce_b2b	< 1.3.3	1.3.3
adobe	commerce_b2b	—	—
adobe	commerce_b2b	—	—
adobe	commerce_b2b	—	—
adobe	commerce_b2b	—	—
adobe	commerce_b2b	—	—
adobe	commerce_b2b	—	—
adobe	magento	< 2.4.5	2.4.5
adobe	magento	—	—
adobe	magento	—	—
adobe	magento	—	—
adobe	magento	—	—
adobe	magento	—	—