Adobe Commerce Payment Orchestrator Privilege Escalation Risk

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

8.6

Adobe Commerce Payment Orchestrator Privilege Escalation Risk

CVE-2026-26125

Summary

The Payment Orchestrator service in Adobe Commerce may allow an attacker to gain higher permissions than intended, potentially leading to unauthorized access to sensitive data or system compromise. This vulnerability is present in Adobe Commerce installations and requires immediate attention to prevent potential data breaches or system takeover. Users are advised to review and update their Adobe Commerce configurations as soon as possible.

Original title

Payment Orchestrator Service Elevation of Privilege Vulnerability

Original description

Payment Orchestrator Service Elevation of Privilege Vulnerability

nvd CVSS3.1 8.6

Vulnerability type

CWE-306 Missing Authentication for Critical Function

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26125

Published: 5 Mar 2026 · Updated: 14 Mar 2026 · First seen: 6 Mar 2026