VDB

CVE-2026-21286

CVE-2026-21286 PUBLISHED CVSS 5.300000190734863 MEDIUM

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain limited unauthorized view access of data. Exploitation of this issue does not require user interaction.

EPSS 0.08% · 23.5th percentile

Risk Scores

CVSS 3.1
5.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS Score
0.08%
23.5th percentile

Affected Products

VendorProductVersions
adobemagento2.4.7, 0, 2.4.5
adobecommerce_b2b1.3.4, 0, 1.3.3
adobecommerce2.4.4, 0, 2.4.4
AdobeAdobe Commerce0

Timeline

  • Mar 11, 2026 CVE Published
  • Mar 11, 2026 EPSS Score
  • Mar 12, 2026 EPSS Score
  • Mar 13, 2026 EPSS Score
  • Mar 14, 2026 EPSS Score
  • Mar 15, 2026 EPSS Score
  • Mar 16, 2026 EPSS Score
  • Mar 17, 2026 EPSS Score
  • Mar 17, 2026 Security Advisory
  • Mar 17, 2026 Security Advisory
  • Mar 18, 2026 EPSS Score
  • Mar 19, 2026 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›