Uncontrolled Resource Consumption in Adobe Commerce Software
CVE-2026-34650

7.5HIGH

Key Information:

Vendor: Adobe
Status: Adobe Commerce
Vendor: CVE Published:; 12 May 2026

What is CVE-2026-34650?

Adobe Commerce has a significant vulnerability that allows attackers to exploit uncontrolled resource consumption, potentially leading to application denial-of-service conditions. This issue affects various versions of the software, enabling an attacker to deplete system resources without requiring user interaction. This situation raises serious concerns about the availability and performance of applications using affected versions. It is crucial for users and administrators to take immediate actions to mitigate this risk.

Affected Version(s)

Adobe Commerce 0 <= 2.4.4-p17

References

https://helpx.adobe.com/security/products/magento/apsb26-...

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 12, 2026
Vulnerability Reserved
Mar 30, 2026

CVE-2026-34650 Data

JSON