Server-Side Request Forgery Vulnerability in Adobe Commerce by Adobe
CVE-2026-34647

7.4HIGH

Key Information:

Vendor

Adobe
Status
Adobe Commerce
Vendor
CVE Published:
12 May 2026

What is CVE-2026-34647?

Adobe Commerce versions earlier than 2.4.9-beta1, including 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, and 2.4.4-p17 are vulnerable to a Server-Side Request Forgery (SSRF). This flaw allows attackers to bypass security features and gain unauthorized read access, contingent upon user interaction with a malicious URL or compromised web page. Addressing this vulnerability is crucial to maintain the integrity of security protocols.

Affected Version(s)

Adobe Commerce 0 <= 2.4.4-p17

References

https://helpx.adobe.com/security/products/magento/apsb26-...
vendor-advisory

CVSS V3.1

Score:
7.4
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.