Uncontrolled Resource Consumption Vulnerability in Adobe Commerce
CVE-2026-34649
7.5HIGH
What is CVE-2026-34649?
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are susceptible to an Uncontrolled Resource Consumption vulnerability. This vulnerability allows an attacker to exploit the system's resources, potentially leading to a denial-of-service condition for the application. Notably, exploitation can occur without requiring user interaction, making it a significant concern for administrators seeking to maintain uptime and service stability.
Affected Version(s)
Adobe Commerce 0 <= 2.4.4-p17
References
EPSS Score
14% chance of being exploited in the next 30 days.
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved