SQL Injection Vulnerability in Adobe Commerce Software
CVE-2026-47992

7.2HIGH

What is CVE-2026-47992?

Adobe Commerce has been identified as having a vulnerability related to improper handling of special characters in SQL commands. This SQL Injection flaw allows attackers with high privileges to execute arbitrary SQL commands. By exploiting this vulnerability, an attacker may gain elevated access rights or control over a victim’s account or session without any user interaction. This highlights the critical need for security measures and regular updates within Adobe Commerce to mitigate potential threats.

Affected Version(s)

Adobe Commerce 0 <= 2.4.9, 2.4.8-p5, 2.4.7-p10, 2.4.6-p15, 2.4.5-p17, 2.4.4-p18

Adobe Commerce 0 <= 2.4.9, 2.4.8-p5, 2.4.7-p10, 2.4.6-p15, 2.4.5-p17, 2.4.4-p18

Adobe Commerce B2B 0 <= 1.5.3, 1.5.2-p5, 1.4.2-p10, 1.3.4-p17, 1.3.3-p18

References

CVSS V3.1

Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.