SQL Injection Vulnerability in Adobe Commerce Software
CVE-2026-47992
Key Information:
- Vendor
Adobe
- Vendor
- CVE Published:
- 14 July 2026
What is CVE-2026-47992?
Adobe Commerce has been identified as having a vulnerability related to improper handling of special characters in SQL commands. This SQL Injection flaw allows attackers with high privileges to execute arbitrary SQL commands. By exploiting this vulnerability, an attacker may gain elevated access rights or control over a victim’s account or session without any user interaction. This highlights the critical need for security measures and regular updates within Adobe Commerce to mitigate potential threats.
Affected Version(s)
Adobe Commerce 0 <= 2.4.9, 2.4.8-p5, 2.4.7-p10, 2.4.6-p15, 2.4.5-p17, 2.4.4-p18
Adobe Commerce 0 <= 2.4.9, 2.4.8-p5, 2.4.7-p10, 2.4.6-p15, 2.4.5-p17, 2.4.4-p18
Adobe Commerce B2B 0 <= 1.5.3, 1.5.2-p5, 1.4.2-p10, 1.3.4-p17, 1.3.3-p18