Adobe Commerce
cpe:2.3:a:adobe:commerce:*:*:*:*:*:*:*
- <= 2.4.9-alpha3
- <= 2.4.8-p3
- <= 2.4.7-p8
- <= 2.4.6-p13
- <= 2.4.5-p15
- <= 2.4.4-p16
An incorrect authorization vulnerability has been identified in Adobe Commerce and Magento Open Source. It affects Adobe Commerce 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier, as well as Magento Open Source 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13 and 2.4.5-p15. The vulnerability could lead to a security feature bypass, allowing a low-privileged attacker to gain limited unauthorized access to certain features. Exploitation does not require user interaction.
Exploitation of this vulnerability could bypass security measures, allowing unauthorized access to specific features.
Users are advised to update to Adobe Commerce 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16 or 2.4.4-p17. For Magento Open Source users, the recommended versions are 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14 or 2.4.5-p16.
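To check an installed version against the fixed releases listed above, the following added example (not Adobe's code and not part of the original advisory) compares a version string with the fixed release on the same release line. The function names and the product keys are hypothetical, and the ordering alphaN < betaN < GA < pN within a release line is an assumption about the version scheme.

```python
import re

# Fixed releases per release line, copied from the advisory text above.
FIXED = {
    "commerce": ["2.4.9-beta1", "2.4.8-p4", "2.4.7-p9",
                 "2.4.6-p14", "2.4.5-p16", "2.4.4-p17"],
    "open-source": ["2.4.9-beta1", "2.4.8-p4", "2.4.7-p9",
                    "2.4.6-p14", "2.4.5-p16"],
}

# Assumed ordering inside one release line: alphaN < betaN < GA (no suffix) < pN.
RANK = {"alpha": 0, "beta": 1, "": 2, "p": 3}
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-(alpha|beta|p)(\d+))?$")


def parse(version):
    """Split '2.4.8-p3' into ((2, 4, 8), (3, 3)): release line and stage."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    base = tuple(int(x) for x in m.group(1, 2, 3))
    stage = (RANK[m.group(4) or ""], int(m.group(5) or 0))
    return base, stage


def status(product, version):
    """Return 'affected', 'fixed' or 'unlisted' for an installed version.

    'unlisted' means the advisory names no fixed release for that release
    line, so the answer has to come from the vendor bulletin instead.
    """
    fixed = dict(parse(v) for v in FIXED[product])
    base, stage = parse(version)
    if base not in fixed:
        return "unlisted"
    # Numeric comparison: p2 sorts before p14, which a string compare gets wrong.
    return "affected" if stage < fixed[base] else "fixed"


if __name__ == "__main__":
    # Constructed sample inventory, not real deployment data.
    for product, version in [("commerce", "2.4.7-p8"), ("open-source", "2.4.8-p4")]:
        print(product, version, status(product, version))
```

A plain GA release such as 2.4.7 sorts below every patch release on its line, so it is reported as affected.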