← Back

CVE-2026-34647

nvd nist
Published: May 12, 2026Modified: May 20, 2026

JSON object

Loading...
7.4
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
Exploitability: 2.8 / Impact: 4.0
Source: psirt@adobe.com

Description

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. Scope is changed.

Affected (161)

Adobe
3 products
Commerce
Commerce B2b
Magento
Configuration A
72 vulnerable
Vulnerable SoftwareAffected Versions
Adobe
Commerce
Before 2.4.4
Commerce
Version 2.4.4
Commerce
Version 2.4.4 p10
Commerce
Version 2.4.4 p11
Commerce
Version 2.4.4 p12
Commerce
Version 2.4.4 p13
Commerce
Version 2.4.4 p14
Commerce
Version 2.4.4 p15
Commerce
Version 2.4.4 p16
Commerce
Version 2.4.4 p17
Commerce
Version 2.4.4 p1
Commerce
Version 2.4.4 p2
Commerce
Version 2.4.4 p3
Commerce
Version 2.4.4 p4
Commerce
Version 2.4.4 p5
Commerce
Version 2.4.4 p6
Commerce
Version 2.4.4 p7
Commerce
Version 2.4.4 p8
Commerce
Version 2.4.4 p9
Commerce
Version 2.4.5
Commerce
Version 2.4.5 p10
Commerce
Version 2.4.5 p11
Commerce
Version 2.4.5 p12
Commerce
Version 2.4.5 p13
Commerce
Version 2.4.5 p14
Commerce
Version 2.4.5 p15
Commerce
Version 2.4.5 p16
Commerce
Version 2.4.5 p1
Commerce
Version 2.4.5 p2
Commerce
Version 2.4.5 p3
Commerce
Version 2.4.5 p4
Commerce
Version 2.4.5 p5
Commerce
Version 2.4.5 p6
Commerce
Version 2.4.5 p7
Commerce
Version 2.4.5 p8
Commerce
Version 2.4.5 p9
Commerce
Version 2.4.6
Commerce
Version 2.4.6 p10
Commerce
Version 2.4.6 p11
Commerce
Version 2.4.6 p12
Commerce
Version 2.4.6 p13
Commerce
Version 2.4.6 p14
Commerce
Version 2.4.6 p1
Commerce
Version 2.4.6 p2
Commerce
Version 2.4.6 p3
Commerce
Version 2.4.6 p4
Commerce
Version 2.4.6 p5
Commerce
Version 2.4.6 p6
Commerce
Version 2.4.6 p7
Commerce
Version 2.4.6 p8
Commerce
Version 2.4.6 p9
Commerce
Version 2.4.7
Commerce
Version 2.4.7 b1
Commerce
Version 2.4.7 b2
Commerce
Version 2.4.7 beta3
Commerce
Version 2.4.7 p1
Commerce
Version 2.4.7 p2
Commerce
Version 2.4.7 p3
Commerce
Version 2.4.7 p4
Commerce
Version 2.4.7 p5
Commerce
Version 2.4.7 p6
Commerce
Version 2.4.7 p7
Commerce
Version 2.4.7 p8
Commerce
Version 2.4.7 p9
Commerce
Version 2.4.8
Commerce
Version 2.4.8 beta1
Commerce
Version 2.4.8 beta2
Commerce
Version 2.4.8 p1
Commerce
Version 2.4.8 p2
Commerce
Version 2.4.8 p3
Commerce
Version 2.4.8 p4
Commerce
Version 2.4.9 beta1
Configuration B
52 vulnerable
Vulnerable SoftwareAffected Versions
Adobe
Commerce B2b
Before 1.3.3
Commerce B2b
Version 1.3.3
Commerce B2b
Version 1.3.3 p10
Commerce B2b
Version 1.3.3 p11
Commerce B2b
Version 1.3.3 p12
Commerce B2b
Version 1.3.3 p13
Commerce B2b
Version 1.3.3 p14
Commerce B2b
Version 1.3.3 p15
Commerce B2b
Version 1.3.3 p16
Commerce B2b
Version 1.3.3 p17
Commerce B2b
Version 1.3.3 p1
Commerce B2b
Version 1.3.3 p2
Commerce B2b
Version 1.3.3 p3
Commerce B2b
Version 1.3.3 p4
Commerce B2b
Version 1.3.3 p5
Commerce B2b
Version 1.3.3 p6
Commerce B2b
Version 1.3.3 p7
Commerce B2b
Version 1.3.3 p8
Commerce B2b
Version 1.3.3 p9
Commerce B2b
Version 1.3.4
Commerce B2b
Version 1.3.4 p10
Commerce B2b
Version 1.3.4 p11
Commerce B2b
Version 1.3.4 p12
Commerce B2b
Version 1.3.4 p13
Commerce B2b
Version 1.3.4 p14
Commerce B2b
Version 1.3.4 p15
Commerce B2b
Version 1.3.4 p16
Commerce B2b
Version 1.3.4 p1
Commerce B2b
Version 1.3.4 p2
Commerce B2b
Version 1.3.4 p3
Commerce B2b
Version 1.3.4 p4
Commerce B2b
Version 1.3.4 p5
Commerce B2b
Version 1.3.4 p6
Commerce B2b
Version 1.3.4 p7
Commerce B2b
Version 1.3.4 p8
Commerce B2b
Version 1.3.4 p9
Commerce B2b
Version 1.4.2
Commerce B2b
Version 1.4.2 p1
Commerce B2b
Version 1.4.2 p2
Commerce B2b
Version 1.4.2 p3
Commerce B2b
Version 1.4.2 p4
Commerce B2b
Version 1.4.2 p5
Commerce B2b
Version 1.4.2 p6
Commerce B2b
Version 1.4.2 p7
Commerce B2b
Version 1.4.2 p8
Commerce B2b
Version 1.4.2 p9
Commerce B2b
Version 1.5.2
Commerce B2b
Version 1.5.2 p1
Commerce B2b
Version 1.5.2 p2
Commerce B2b
Version 1.5.2 p3
Commerce B2b
Version 1.5.2 p4
Commerce B2b
Version 1.5.3 beta1
Configuration C
37 vulnerable
Vulnerable SoftwareAffected Versions
Adobe
Magento
Before 2.4.6
Magento
Version 2.4.6
Magento
Version 2.4.6 p10
Magento
Version 2.4.6 p11
Magento
Version 2.4.6 p12
Magento
Version 2.4.6 p13
Magento
Version 2.4.6 p14
Magento
Version 2.4.6 p1
Magento
Version 2.4.6 p2
Magento
Version 2.4.6 p3
Magento
Version 2.4.6 p4
Magento
Version 2.4.6 p5
Magento
Version 2.4.6 p6
Magento
Version 2.4.6 p7
Magento
Version 2.4.6 p8
Magento
Version 2.4.6 p9
Magento
Version 2.4.7
Magento
Version 2.4.7 b1
Magento
Version 2.4.7 b2
Magento
Version 2.4.7 beta3
Magento
Version 2.4.7 p1
Magento
Version 2.4.7 p2
Magento
Version 2.4.7 p3
Magento
Version 2.4.7 p4
Magento
Version 2.4.7 p5
Magento
Version 2.4.7 p6
Magento
Version 2.4.7 p7
Magento
Version 2.4.7 p8
Magento
Version 2.4.7 p9
Magento
Version 2.4.8
Magento
Version 2.4.8 beta1
Magento
Version 2.4.8 beta2
Magento
Version 2.4.8 p1
Magento
Version 2.4.8 p2
Magento
Version 2.4.8 p3
Magento
Version 2.4.8 p4
Magento
Version 2.4.9 beta1

Related CWEs

CWE-918
Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (1)

Source: psirt@adobe.com
Vendor Advisory

Timeline

No history available yet.