wid-sec-w-2026-0668 · Published 2026-03-10 · View on BSI CERT-Bund ↗

Adobe Magento: Multiple Vulnerabilities

CVSS 8.7 HIGH

Risk Summary

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain limited unauthorized access to a feature. Exploitation of this issue does not require user interaction.

CVEs (19)

CVE-2026-21282 CVE-2026-21284 CVE-2026-21285 CVE-2026-21286 CVE-2026-21289 CVE-2026-21290 CVE-2026-21291 CVE-2026-21292 CVE-2026-21293 CVE-2026-21294 CVE-2026-21295 CVE-2026-21296 CVE-2026-21297 CVE-2026-21309 CVE-2026-21310 CVE-2026-21311 CVE-2026-21359 CVE-2026-21360 CVE-2026-21361

Affected Vendors

Adobe

Affected Products (10)

Adobe · Magento <2.4.9‑beta1

Adobe · Magento 2.4.9‑beta1

Adobe · Magento <2.4.8‑p4

Adobe · Magento 2.4.8‑p4

Adobe · Magento <2.4.7‑p9

Adobe · Magento 2.4.7‑p9

Adobe · Magento <2.4.6‑p14

Adobe · Magento 2.4.6‑p14

Adobe · Magento <2.4.5‑p16

Adobe · Magento 2.4.5‑p16

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more