3.4
CVE-2026-34685
- EPSS 0.37%
- Veröffentlicht 12.05.2026 19:50:30
- Zuletzt bearbeitet 20.05.2026 15:48:34
- Quelle psirt@adobe.com
- CVE-Watchlists
- Unerledigt
Adobe Commerce | Improper Input Validation (CWE-20)
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier [NEEDS REVIEW: impact mismatch — ticket says 'Arbitrary file system write', CIA triad derives 'Security Feature Bypass'. Verify CVSS vector before publishing.] are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. Scope is changed.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Adobe ≫ Commerce B2b Version < 1.3.3
Adobe ≫ Commerce B2b Version1.3.3 Update-
Adobe ≫ Commerce B2b Version1.3.3 Updatep1
Adobe ≫ Commerce B2b Version1.3.3 Updatep10
Adobe ≫ Commerce B2b Version1.3.3 Updatep11
Adobe ≫ Commerce B2b Version1.3.3 Updatep12
Adobe ≫ Commerce B2b Version1.3.3 Updatep13
Adobe ≫ Commerce B2b Version1.3.3 Updatep14
Adobe ≫ Commerce B2b Version1.3.3 Updatep15
Adobe ≫ Commerce B2b Version1.3.3 Updatep16
Adobe ≫ Commerce B2b Version1.3.3 Updatep17
Adobe ≫ Commerce B2b Version1.3.3 Updatep2
Adobe ≫ Commerce B2b Version1.3.3 Updatep3
Adobe ≫ Commerce B2b Version1.3.3 Updatep4
Adobe ≫ Commerce B2b Version1.3.3 Updatep5
Adobe ≫ Commerce B2b Version1.3.3 Updatep6
Adobe ≫ Commerce B2b Version1.3.3 Updatep7
Adobe ≫ Commerce B2b Version1.3.3 Updatep8
Adobe ≫ Commerce B2b Version1.3.3 Updatep9
Adobe ≫ Commerce B2b Version1.3.4 Update-
Adobe ≫ Commerce B2b Version1.3.4 Updatep1
Adobe ≫ Commerce B2b Version1.3.4 Updatep10
Adobe ≫ Commerce B2b Version1.3.4 Updatep11
Adobe ≫ Commerce B2b Version1.3.4 Updatep12
Adobe ≫ Commerce B2b Version1.3.4 Updatep13
Adobe ≫ Commerce B2b Version1.3.4 Updatep14
Adobe ≫ Commerce B2b Version1.3.4 Updatep15
Adobe ≫ Commerce B2b Version1.3.4 Updatep16
Adobe ≫ Commerce B2b Version1.3.4 Updatep2
Adobe ≫ Commerce B2b Version1.3.4 Updatep3
Adobe ≫ Commerce B2b Version1.3.4 Updatep4
Adobe ≫ Commerce B2b Version1.3.4 Updatep5
Adobe ≫ Commerce B2b Version1.3.4 Updatep6
Adobe ≫ Commerce B2b Version1.3.4 Updatep7
Adobe ≫ Commerce B2b Version1.3.4 Updatep8
Adobe ≫ Commerce B2b Version1.3.4 Updatep9
Adobe ≫ Commerce B2b Version1.4.2 Update-
Adobe ≫ Commerce B2b Version1.4.2 Updatep1
Adobe ≫ Commerce B2b Version1.4.2 Updatep2
Adobe ≫ Commerce B2b Version1.4.2 Updatep3
Adobe ≫ Commerce B2b Version1.4.2 Updatep4
Adobe ≫ Commerce B2b Version1.4.2 Updatep5
Adobe ≫ Commerce B2b Version1.4.2 Updatep6
Adobe ≫ Commerce B2b Version1.4.2 Updatep7
Adobe ≫ Commerce B2b Version1.4.2 Updatep8
Adobe ≫ Commerce B2b Version1.4.2 Updatep9
Adobe ≫ Commerce B2b Version1.5.2 Update-
Adobe ≫ Commerce B2b Version1.5.2 Updatep1
Adobe ≫ Commerce B2b Version1.5.2 Updatep2
Adobe ≫ Commerce B2b Version1.5.2 Updatep3
Adobe ≫ Commerce B2b Version1.5.2 Updatep4
Adobe ≫ Commerce B2b Version1.5.3 Updatebeta1
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.37% | 0.289 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@adobe.com | 3.4 | 1.7 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:N
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
https://helpx.adobe.com/security/products/magento/apsb26-49.html