Unrestricted File Upload Vulnerability in Adobe Commerce Web Application
CVE-2026-48356
Key Information:
- Vendor
Adobe
- Vendor
- CVE Published:
- 14 July 2026
What is CVE-2026-48356?
Adobe Commerce is vulnerable to an unrestricted file upload issue that may allow an attacker to upload files of potentially harmful types, leading to arbitrary code execution within the context of the current user. This security weakness can be exploited through user interaction, such as visiting a specially crafted URL or engaging with a compromised web page. Successful exploitation may allow the attacker to inject malicious scripts, which could result in increased privileges or control over the affected user's session.
Affected Version(s)
Adobe Commerce 0 <= 2.4.9, 2.4.8-p5, 2.4.7-p10, 2.4.6-p15, 2.4.5-p17, 2.4.4-p18
Adobe Commerce 0 <= 2.4.9, 2.4.8-p5, 2.4.7-p10, 2.4.6-p15, 2.4.5-p17, 2.4.4-p18
Adobe Commerce B2B 0 <= 1.5.3, 1.5.2-p5, 1.4.2-p10, 1.3.4-p17, 1.3.3-p18