8.7
CVE-2026-34653
- EPSS 0.61%
- Veröffentlicht 12.05.2026 19:50:29
- Zuletzt bearbeitet 20.05.2026 16:02:39
- Quelle psirt@adobe.com
- CVE-Watchlists
- Unerledigt
Adobe Commerce | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in arbitrary file system read and write. An authenticated attacker with administrative privileges could exploit this vulnerability to read or write files outside the restricted directory. Exploitation of this issue does not require user interaction. Scope is changed.Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Adobe ≫ Commerce B2b Version < 1.3.3
Adobe ≫ Commerce B2b Version1.3.3 Update-
Adobe ≫ Commerce B2b Version1.3.3 Updatep1
Adobe ≫ Commerce B2b Version1.3.3 Updatep10
Adobe ≫ Commerce B2b Version1.3.3 Updatep11
Adobe ≫ Commerce B2b Version1.3.3 Updatep12
Adobe ≫ Commerce B2b Version1.3.3 Updatep13
Adobe ≫ Commerce B2b Version1.3.3 Updatep14
Adobe ≫ Commerce B2b Version1.3.3 Updatep15
Adobe ≫ Commerce B2b Version1.3.3 Updatep16
Adobe ≫ Commerce B2b Version1.3.3 Updatep17
Adobe ≫ Commerce B2b Version1.3.3 Updatep2
Adobe ≫ Commerce B2b Version1.3.3 Updatep3
Adobe ≫ Commerce B2b Version1.3.3 Updatep4
Adobe ≫ Commerce B2b Version1.3.3 Updatep5
Adobe ≫ Commerce B2b Version1.3.3 Updatep6
Adobe ≫ Commerce B2b Version1.3.3 Updatep7
Adobe ≫ Commerce B2b Version1.3.3 Updatep8
Adobe ≫ Commerce B2b Version1.3.3 Updatep9
Adobe ≫ Commerce B2b Version1.3.4 Update-
Adobe ≫ Commerce B2b Version1.3.4 Updatep1
Adobe ≫ Commerce B2b Version1.3.4 Updatep10
Adobe ≫ Commerce B2b Version1.3.4 Updatep11
Adobe ≫ Commerce B2b Version1.3.4 Updatep12
Adobe ≫ Commerce B2b Version1.3.4 Updatep13
Adobe ≫ Commerce B2b Version1.3.4 Updatep14
Adobe ≫ Commerce B2b Version1.3.4 Updatep15
Adobe ≫ Commerce B2b Version1.3.4 Updatep16
Adobe ≫ Commerce B2b Version1.3.4 Updatep2
Adobe ≫ Commerce B2b Version1.3.4 Updatep3
Adobe ≫ Commerce B2b Version1.3.4 Updatep4
Adobe ≫ Commerce B2b Version1.3.4 Updatep5
Adobe ≫ Commerce B2b Version1.3.4 Updatep6
Adobe ≫ Commerce B2b Version1.3.4 Updatep7
Adobe ≫ Commerce B2b Version1.3.4 Updatep8
Adobe ≫ Commerce B2b Version1.3.4 Updatep9
Adobe ≫ Commerce B2b Version1.4.2 Update-
Adobe ≫ Commerce B2b Version1.4.2 Updatep1
Adobe ≫ Commerce B2b Version1.4.2 Updatep2
Adobe ≫ Commerce B2b Version1.4.2 Updatep3
Adobe ≫ Commerce B2b Version1.4.2 Updatep4
Adobe ≫ Commerce B2b Version1.4.2 Updatep5
Adobe ≫ Commerce B2b Version1.4.2 Updatep6
Adobe ≫ Commerce B2b Version1.4.2 Updatep7
Adobe ≫ Commerce B2b Version1.4.2 Updatep8
Adobe ≫ Commerce B2b Version1.4.2 Updatep9
Adobe ≫ Commerce B2b Version1.5.2 Update-
Adobe ≫ Commerce B2b Version1.5.2 Updatep1
Adobe ≫ Commerce B2b Version1.5.2 Updatep2
Adobe ≫ Commerce B2b Version1.5.2 Updatep3
Adobe ≫ Commerce B2b Version1.5.2 Updatep4
Adobe ≫ Commerce B2b Version1.5.3 Updatebeta1
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.61% | 0.443 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@adobe.com | 8.7 | 2.3 | 5.8 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
|
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
https://helpx.adobe.com/security/products/magento/apsb26-49.html