CVE-2026-21359

CWE-863 — Incorrect Authorization4 documents4 sources

Severity

4.7MEDIUM

EPSS

0.1%

top 77.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Commerce Adobe Commerce B2B Adobe Magento +1 more

Timeline

PublishedMar 11

Description

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and have limited impact to the integrity and availability of data. The exploit depends on conditions beyond the attacker's control. Exploitation of this issue does not require user interaction.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:LExploitability: 1.6 | Impact: 2.7

Affected Packages4 packages

▶NVDadobe/commerce< 2.4.4+6

▶NVDadobe/commerce_b2b< 1.3.3+6

▶CVEListV5adobe/adobe_commerce2.4.4-p16

▶NVDadobe/magento< 2.4.5+5

🔴Vulnerability Details

GHSA

GHSA-r887-hmxm-r2h5: Adobe Commerce versions 2↗2026-03-11

▶

CVEList

Adobe Commerce | Incorrect Authorization (CWE-863)↗2026-03-11

▶

🕵️Threat Intelligence

Wiz

CVE-2026-21359 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶