Incorrect Authorization Vulnerability in Adobe Commerce
CVE-2026-47997

5.9MEDIUM

What is CVE-2026-47997?

Adobe Commerce has a vulnerability characterized by incorrect authorization that could enable an unauthorized user to bypass established security mechanisms. This could lead to unauthorized read access to sensitive information without requiring any user interaction. Exploiting this vulnerability relies on specific conditions that may be outside the attacker's control, highlighting the need for vigilance in security practices.

Affected Version(s)

Adobe Commerce 0 <= 2.4.9, 2.4.8-p5, 2.4.7-p10, 2.4.6-p15, 2.4.5-p17, 2.4.4-p18

Adobe Commerce 0 <= 2.4.9, 2.4.8-p5, 2.4.7-p10, 2.4.6-p15, 2.4.5-p17, 2.4.4-p18

Adobe Commerce B2B 0 <= 1.5.3, 1.5.2-p5, 1.4.2-p10, 1.3.4-p17, 1.3.3-p18

References

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.