Improper Encoding Vulnerability in Adobe Commerce by Adobe
CVE-2026-48358
9.1CRITICAL
Key Information:
- Vendor
Adobe
- Vendor
- CVE Published:
- 14 July 2026
What is CVE-2026-48358?
Adobe Commerce is vulnerable to an improper encoding issue that can allow an attacker to execute arbitrary code in the context of an authenticated user. Notably, exploitation of this vulnerability requires no user interaction, posing a significant risk to the security of applications relying on this software. It is crucial for users and administrators of Adobe Commerce to apply necessary updates and patches to safeguard their systems.
Affected Version(s)
Adobe Commerce 0 <= 2.4.9, 2.4.8-p5, 2.4.7-p10, 2.4.6-p15, 2.4.5-p17, 2.4.4-p18
Adobe Commerce 0 <= 2.4.9, 2.4.8-p5, 2.4.7-p10, 2.4.6-p15, 2.4.5-p17, 2.4.4-p18
Adobe Commerce B2B 0 <= 1.5.3, 1.5.2-p5, 1.4.2-p10, 1.3.4-p17, 1.3.3-p18