VDB
CVE-2026-21286
CVE-2026-21286
PUBLISHED
CVSS 5.300000190734863 MEDIUM
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain limited unauthorized view access of data. Exploitation of this issue does not require user interaction.
EPSS 0.08% · 23.5th percentile
Risk Scores
CVSS 3.1
5.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS Score
0.08%
23.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| adobe | magento | 2.4.7, 0, 2.4.5 |
| adobe | commerce_b2b | 1.3.4, 0, 1.3.3 |
| adobe | commerce | 2.4.4, 0, 2.4.4 |
| Adobe | Adobe Commerce | 0 |
Timeline
- Mar 11, 2026 CVE Published
- Mar 11, 2026 EPSS Score
- Mar 12, 2026 EPSS Score
- Mar 13, 2026 EPSS Score
- Mar 14, 2026 EPSS Score
- Mar 15, 2026 EPSS Score
- Mar 16, 2026 EPSS Score
- Mar 17, 2026 EPSS Score
- Mar 17, 2026 Security Advisory
- Mar 17, 2026 Security Advisory
- Mar 18, 2026 EPSS Score
- Mar 19, 2026 EPSS Score