Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
4.3
Adobe Commerce: Unauthorized Access to Data
CVE-2026-21296
Summary
Older versions of Adobe Commerce have a security flaw that allows an attacker to view data they shouldn't be able to see. This means a hacker could gain access to sensitive information without needing to trick anyone into doing something. Update to the latest version to fix this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| adobe | commerce | <= 2.4.4 | – |
| adobe | commerce | 2.4.4 | – |
| adobe | commerce | 2.4.4 | – |
| adobe | commerce | 2.4.4 | – |
| adobe | commerce | 2.4.4 | – |
| adobe | commerce | 2.4.4 | – |
| adobe | commerce | 2.4.4 | – |
| adobe | commerce | 2.4.4 | – |
| adobe | commerce | 2.4.4 | – |
| adobe | commerce | 2.4.4 | – |
| adobe | commerce | 2.4.4 | – |
| adobe | commerce | 2.4.4 | – |
| adobe | commerce | 2.4.4 | – |
| adobe | commerce | 2.4.4 | – |
| adobe | commerce | 2.4.4 | – |
| adobe | commerce | 2.4.4 | – |
| adobe | commerce | 2.4.4 | – |
| adobe | commerce | 2.4.4 | – |
| adobe | commerce | 2.4.5 | – |
| adobe | commerce | 2.4.5 | – |
| adobe | commerce | 2.4.5 | – |
| adobe | commerce | 2.4.5 | – |
| adobe | commerce | 2.4.5 | – |
| adobe | commerce | 2.4.5 | – |
| adobe | commerce | 2.4.5 | – |
| adobe | commerce | 2.4.5 | – |
| adobe | commerce | 2.4.5 | – |
| adobe | commerce | 2.4.5 | – |
| adobe | commerce | 2.4.5 | – |
| adobe | commerce | 2.4.5 | – |
| adobe | commerce | 2.4.5 | – |
| adobe | commerce | 2.4.5 | – |
| adobe | commerce | 2.4.5 | – |
| adobe | commerce | 2.4.5 | – |
| adobe | commerce | 2.4.6 | – |
| adobe | commerce | 2.4.6 | – |
| adobe | commerce | 2.4.6 | – |
| adobe | commerce | 2.4.6 | – |
| adobe | commerce | 2.4.6 | – |
| adobe | commerce | 2.4.6 | – |
| adobe | commerce | 2.4.6 | – |
| adobe | commerce | 2.4.6 | – |
| adobe | commerce | 2.4.6 | – |
| adobe | commerce | 2.4.6 | – |
| adobe | commerce | 2.4.6 | – |
| adobe | commerce | 2.4.6 | – |
| adobe | commerce | 2.4.6 | – |
| adobe | commerce | 2.4.6 | – |
| adobe | commerce | 2.4.7 | – |
| adobe | commerce | 2.4.7 | – |
| adobe | commerce | 2.4.7 | – |
| adobe | commerce | 2.4.7 | – |
| adobe | commerce | 2.4.7 | – |
| adobe | commerce | 2.4.7 | – |
| adobe | commerce | 2.4.7 | – |
| adobe | commerce | 2.4.7 | – |
| adobe | commerce | 2.4.7 | – |
| adobe | commerce | 2.4.7 | – |
| adobe | commerce | 2.4.7 | – |
| adobe | commerce | 2.4.7 | – |
| adobe | commerce | 2.4.8 | – |
| adobe | commerce | 2.4.8 | – |
| adobe | commerce | 2.4.8 | – |
| adobe | commerce | 2.4.8 | – |
| adobe | commerce | 2.4.8 | – |
| adobe | commerce | 2.4.8 | – |
| adobe | commerce | 2.4.9 | – |
| adobe | commerce | 2.4.9 | – |
| adobe | commerce | 2.4.9 | – |
| adobe | commerce_b2b | <= 1.3.3 | – |
| adobe | commerce_b2b | 1.3.3 | – |
| adobe | commerce_b2b | 1.3.3 | – |
| adobe | commerce_b2b | 1.3.3 | – |
| adobe | commerce_b2b | 1.3.3 | – |
| adobe | commerce_b2b | 1.3.3 | – |
| adobe | commerce_b2b | 1.3.3 | – |
| adobe | commerce_b2b | 1.3.3 | – |
| adobe | commerce_b2b | 1.3.3 | – |
| adobe | commerce_b2b | 1.3.3 | – |
| adobe | commerce_b2b | 1.3.3 | – |
| adobe | commerce_b2b | 1.3.3 | – |
| adobe | commerce_b2b | 1.3.3 | – |
| adobe | commerce_b2b | 1.3.3 | – |
| adobe | commerce_b2b | 1.3.3 | – |
| adobe | commerce_b2b | 1.3.3 | – |
| adobe | commerce_b2b | 1.3.3 | – |
| adobe | commerce_b2b | 1.3.3 | – |
| adobe | commerce_b2b | 1.3.4 | – |
| adobe | commerce_b2b | 1.3.4 | – |
| adobe | commerce_b2b | 1.3.4 | – |
| adobe | commerce_b2b | 1.3.4 | – |
| adobe | commerce_b2b | 1.3.4 | – |
| adobe | commerce_b2b | 1.3.4 | – |
| adobe | commerce_b2b | 1.3.4 | – |
| adobe | commerce_b2b | 1.3.4 | – |
| adobe | commerce_b2b | 1.3.4 | – |
| adobe | commerce_b2b | 1.3.4 | – |
| adobe | commerce_b2b | 1.3.4 | – |
| adobe | commerce_b2b | 1.3.4 | – |
| adobe | commerce_b2b | 1.3.4 | – |
| adobe | commerce_b2b | 1.3.4 | – |
| adobe | commerce_b2b | 1.3.4 | – |
| adobe | commerce_b2b | 1.3.4 | – |
| adobe | commerce_b2b | 1.3.5 | – |
| adobe | commerce_b2b | 1.3.5 | – |
| adobe | commerce_b2b | 1.3.5 | – |
| adobe | commerce_b2b | 1.3.5 | – |
| adobe | commerce_b2b | 1.3.5 | – |
| adobe | commerce_b2b | 1.3.5 | – |
| adobe | commerce_b2b | 1.3.5 | – |
| adobe | commerce_b2b | 1.3.5 | – |
| adobe | commerce_b2b | 1.3.5 | – |
| adobe | commerce_b2b | 1.3.5 | – |
| adobe | commerce_b2b | 1.3.5 | – |
| adobe | commerce_b2b | 1.3.5 | – |
| adobe | commerce_b2b | 1.3.5 | – |
| adobe | commerce_b2b | 1.3.5 | – |
| adobe | commerce_b2b | 1.4.2 | – |
| adobe | commerce_b2b | 1.4.2 | – |
| adobe | commerce_b2b | 1.4.2 | – |
| adobe | commerce_b2b | 1.4.2 | – |
| adobe | commerce_b2b | 1.4.2 | – |
| adobe | commerce_b2b | 1.4.2 | – |
| adobe | commerce_b2b | 1.4.2 | – |
| adobe | commerce_b2b | 1.4.2 | – |
| adobe | commerce_b2b | 1.4.2 | – |
| adobe | commerce_b2b | 1.5.2 | – |
| adobe | commerce_b2b | 1.5.2 | – |
| adobe | commerce_b2b | 1.5.2 | – |
| adobe | commerce_b2b | 1.5.2 | – |
| adobe | commerce_b2b | 1.5.3 | – |
| adobe | commerce_b2b | 1.5.3 | – |
| adobe | commerce_b2b | 1.5.3 | – |
| adobe | magento | <= 2.4.5 | – |
| adobe | magento | 2.4.5 | – |
| adobe | magento | 2.4.5 | – |
| adobe | magento | 2.4.5 | – |
| adobe | magento | 2.4.5 | – |
| adobe | magento | 2.4.5 | – |
| adobe | magento | 2.4.5 | – |
| adobe | magento | 2.4.5 | – |
| adobe | magento | 2.4.5 | – |
| adobe | magento | 2.4.5 | – |
| adobe | magento | 2.4.5 | – |
| adobe | magento | 2.4.5 | – |
| adobe | magento | 2.4.5 | – |
| adobe | magento | 2.4.5 | – |
| adobe | magento | 2.4.5 | – |
| adobe | magento | 2.4.5 | – |
| adobe | magento | 2.4.5 | – |
| adobe | magento | 2.4.6 | – |
| adobe | magento | 2.4.6 | – |
| adobe | magento | 2.4.6 | – |
| adobe | magento | 2.4.6 | – |
| adobe | magento | 2.4.6 | – |
| adobe | magento | 2.4.6 | – |
| adobe | magento | 2.4.6 | – |
| adobe | magento | 2.4.6 | – |
| adobe | magento | 2.4.6 | – |
| adobe | magento | 2.4.6 | – |
| adobe | magento | 2.4.6 | – |
| adobe | magento | 2.4.6 | – |
| adobe | magento | 2.4.6 | – |
| adobe | magento | 2.4.6 | – |
| adobe | magento | 2.4.7 | – |
| adobe | magento | 2.4.7 | – |
| adobe | magento | 2.4.7 | – |
| adobe | magento | 2.4.7 | – |
| adobe | magento | 2.4.7 | – |
| adobe | magento | 2.4.7 | – |
| adobe | magento | 2.4.7 | – |
| adobe | magento | 2.4.7 | – |
| adobe | magento | 2.4.7 | – |
| adobe | magento | 2.4.7 | – |
| adobe | magento | 2.4.7 | – |
| adobe | magento | 2.4.7 | – |
| adobe | magento | 2.4.8 | – |
| adobe | magento | 2.4.8 | – |
| adobe | magento | 2.4.8 | – |
| adobe | magento | 2.4.8 | – |
| adobe | magento | 2.4.8 | – |
| adobe | magento | 2.4.8 | – |
| adobe | magento | 2.4.9 | – |
Original title
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security featur...
Original description
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain limited unauthorized view access of data. Exploitation of this issue does not require user interaction.
nvd CVSS3.1
4.3
Vulnerability type
CWE-863
Incorrect Authorization
Published: 11 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026