Improper Input Validation in Adobe Commerce Affecting Multiple Versions
CVE-2026-21310

5.3MEDIUM

Key Information:

Vendor: Adobe
Status: Adobe Commerce
Vendor: CVE Published:; 11 March 2026

What is CVE-2026-21310?

Adobe Commerce is affected by an improper input validation vulnerability that could potentially allow attackers to bypass security features. This flaw exists across several versions of the software, posing a risk to the integrity of the system. Exploitation of this vulnerability does not require any user interaction, which increases its potential impact. Users of affected versions are strongly advised to review their configurations and apply any available patches or updates to mitigate this risk.

Affected Version(s)

Adobe Commerce 0 <= 2.4.4-p16

References

https://helpx.adobe.com/security/products/magento/apsb26-...

vendor-advisory

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 11, 2026
Vulnerability Reserved
Dec 12, 2025

CVE-2026-21310 Data

JSON