Latest Security Updates

Security Research

CVE-2026-21361 (HIGH) CVSS 8.1

🟠 Severity: HIGH (CVSS 8.1)

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form …

Security Research

CVE-2026-21360 (MEDIUM) CVSS 6.8

🟡 Severity: MEDIUM (CVSS 6.8)

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability that could result in a security feature …

Security Research

CVE-2026-21359 (MEDIUM) CVSS 4.7

🟡 Severity: MEDIUM (CVSS 4.7)

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to bypass …

Security Research

CVE-2026-21311 (HIGH) CVSS 8.0

🟠 Severity: HIGH (CVSS 8.0)

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form …

Security Research

CVE-2026-21310 (MEDIUM) CVSS 5.3

🟡 Severity: MEDIUM (CVSS 5.3)

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass, with limited impact to integrity. Exploitation of this issue …