Incorrect Authorization Vulnerability in Adobe Commerce
CVE-2026-47988

8.6HIGH

What is CVE-2026-47988?

Adobe Commerce is susceptible to an Incorrect Authorization vulnerability that allows attackers to bypass critical security measures. This flaw can enable unauthorized read and write access to sensitive data without requiring any user interaction. Such an exploit presents considerable risks, as it can undermine the integrity and confidentiality of the affected system.

Affected Version(s)

Adobe Commerce 0 <= 2.4.9, 2.4.8-p5, 2.4.7-p10, 2.4.6-p15, 2.4.5-p17, 2.4.4-p18

Adobe Commerce 0 <= 2.4.9, 2.4.8-p5, 2.4.7-p10, 2.4.6-p15, 2.4.5-p17, 2.4.4-p18

Adobe Commerce B2B 0 <= 1.5.3, 1.5.2-p5, 1.4.2-p10, 1.3.4-p17, 1.3.3-p18

References

CVSS V3.1

Score:
8.6
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.