VDB
CVE-2026-21309
CVE-2026-21309
PUBLISHED
CVSS 7.5 HIGH
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized view access of data. Exploitation of this issue does not require user interaction.
EPSS 0.15% · 35.4th percentile
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
0.15%
35.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Adobe | Adobe Commerce | 0 |
| adobe | commerce | 2.4.7, 2.4.7, 2.4.7 |
| adobe | commerce_b2b | 1.4.2, 0, 1.3.3 |
| adobe | magento | 2.4.8, 2.4.5, 2.4.9 |
Timeline
- Mar 11, 2026 CVE Published
- Mar 11, 2026 EPSS Score
- Mar 12, 2026 EPSS Score
- Mar 13, 2026 EPSS Score
- Mar 14, 2026 EPSS Score
- Mar 15, 2026 EPSS Score
- Mar 16, 2026 EPSS Score
- Mar 17, 2026 EPSS Score
- Mar 17, 2026 Security Advisory
- Mar 17, 2026 Security Advisory
- Mar 18, 2026 EPSS Score
- Mar 19, 2026 EPSS Score