Adobe Commerce
Moderate fix6 remedies
cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*
Moderate fix6 remedies
- <= 2.4.9-alpha3
- <= 2.4.8-p3
- <= 2.4.7-p8
- <= 2.4.6-p13
- <= 2.4.5-p15
- <= 2.4.4-p16
Adobe Commerce and Magento Open Source Server-Side Request Forgery Vulnerability Allowing Security Feature Bypass
Vulnerability
Patched
A Server-Side Request Forgery (SSRF) vulnerability has been identified in Adobe Commerce and Magento Open Source. This vulnerability affects several versions, including Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier, as well as Magento Open Source versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15 and earlier. The vulnerability could lead to a security feature bypass, allowing a high-privileged attacker to manipulate server-side requests and access unauthorized resources. Exploitation does not require user interaction.
Impact
Exploitation of this vulnerability could result in unauthorized access to resources by manipulating server-side requests, leading to a bypass of security features.
Remediation
Users are advised to update to Adobe Commerce 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, or 2.4.4-p17. For Magento Open Source, users should update to version 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, or 2.4.5-p16.
Added: Mar 11, 2026, 3:24 AM
Updated: Mar 11, 2026, 3:24 AM
Vulnerability Rating
Custom Algorithm
spread
6.4impact
3.1exploitability
4.4remediation
7.7relevance
3.8threat
0.0urgency
2.9incentive
0.0Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.