Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.5
Adobe Commerce: Unauthorized Access to Sensitive Data
CVE-2026-21289
Summary
Adobe Commerce versions 2.4.9-alpha3 and earlier have a security flaw that allows an attacker to access sensitive data without permission. This means an attacker could see confidential information without needing to log in or do anything else. Update to the latest version to fix this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| adobe | commerce | 2.4.4 | – |
| adobe | commerce | 2.4.4 | – |
| adobe | commerce | 2.4.4 | – |
| adobe | commerce | 2.4.4 | – |
| adobe | commerce | 2.4.4 | – |
| adobe | commerce | 2.4.4 | – |
| adobe | commerce | 2.4.4 | – |
| adobe | commerce | 2.4.4 | – |
| adobe | commerce | 2.4.4 | – |
| adobe | commerce | 2.4.4 | – |
| adobe | commerce | 2.4.4 | – |
| adobe | commerce | 2.4.4 | – |
| adobe | commerce | 2.4.4 | – |
| adobe | commerce | 2.4.4 | – |
| adobe | commerce | 2.4.4 | – |
| adobe | commerce | 2.4.4 | – |
| adobe | commerce | 2.4.4 | – |
| adobe | commerce | 2.4.5 | – |
| adobe | commerce | 2.4.5 | – |
| adobe | commerce | 2.4.5 | – |
| adobe | commerce | 2.4.5 | – |
| adobe | commerce | 2.4.5 | – |
| adobe | commerce | 2.4.5 | – |
| adobe | commerce | 2.4.5 | – |
| adobe | commerce | 2.4.5 | – |
| adobe | commerce | 2.4.5 | – |
| adobe | commerce | 2.4.5 | – |
| adobe | commerce | 2.4.5 | – |
| adobe | commerce | 2.4.5 | – |
| adobe | commerce | 2.4.5 | – |
| adobe | commerce | 2.4.5 | – |
| adobe | commerce | 2.4.5 | – |
| adobe | commerce | 2.4.5 | – |
| adobe | commerce | 2.4.6 | – |
| adobe | commerce | 2.4.6 | – |
| adobe | commerce | 2.4.6 | – |
| adobe | commerce | 2.4.6 | – |
| adobe | commerce | 2.4.6 | – |
| adobe | commerce | 2.4.6 | – |
| adobe | commerce | 2.4.6 | – |
| adobe | commerce | 2.4.6 | – |
| adobe | commerce | 2.4.6 | – |
| adobe | commerce | 2.4.6 | – |
| adobe | commerce | 2.4.6 | – |
| adobe | commerce | 2.4.6 | – |
| adobe | commerce | 2.4.6 | – |
| adobe | commerce | 2.4.6 | – |
| adobe | commerce | 2.4.7 | – |
| adobe | commerce | 2.4.7 | – |
| adobe | commerce | 2.4.7 | – |
| adobe | commerce | 2.4.7 | – |
| adobe | commerce | 2.4.7 | – |
| adobe | commerce | 2.4.7 | – |
| adobe | commerce | 2.4.7 | – |
| adobe | commerce | 2.4.7 | – |
| adobe | commerce | 2.4.7 | – |
| adobe | commerce | 2.4.7 | – |
| adobe | commerce | 2.4.7 | – |
| adobe | commerce | 2.4.7 | – |
| adobe | commerce | 2.4.8 | – |
| adobe | commerce | 2.4.8 | – |
| adobe | commerce | 2.4.8 | – |
| adobe | commerce | 2.4.8 | – |
| adobe | commerce | 2.4.8 | – |
| adobe | commerce | 2.4.8 | – |
| adobe | commerce | 2.4.9 | – |
| adobe | commerce | 2.4.9 | – |
| adobe | commerce | 2.4.9 | – |
| adobe | commerce_b2b | 1.3.3 | – |
| adobe | commerce_b2b | 1.3.3 | – |
| adobe | commerce_b2b | 1.3.3 | – |
| adobe | commerce_b2b | 1.3.3 | – |
| adobe | commerce_b2b | 1.3.3 | – |
| adobe | commerce_b2b | 1.3.3 | – |
| adobe | commerce_b2b | 1.3.3 | – |
| adobe | commerce_b2b | 1.3.3 | – |
| adobe | commerce_b2b | 1.3.3 | – |
| adobe | commerce_b2b | 1.3.3 | – |
| adobe | commerce_b2b | 1.3.3 | – |
| adobe | commerce_b2b | 1.3.3 | – |
| adobe | commerce_b2b | 1.3.3 | – |
| adobe | commerce_b2b | 1.3.3 | – |
| adobe | commerce_b2b | 1.3.3 | – |
| adobe | commerce_b2b | 1.3.3 | – |
| adobe | commerce_b2b | 1.3.3 | – |
| adobe | commerce_b2b | 1.3.4 | – |
| adobe | commerce_b2b | 1.3.4 | – |
| adobe | commerce_b2b | 1.3.4 | – |
| adobe | commerce_b2b | 1.3.4 | – |
| adobe | commerce_b2b | 1.3.4 | – |
| adobe | commerce_b2b | 1.3.4 | – |
| adobe | commerce_b2b | 1.3.4 | – |
| adobe | commerce_b2b | 1.3.4 | – |
| adobe | commerce_b2b | 1.3.4 | – |
| adobe | commerce_b2b | 1.3.4 | – |
| adobe | commerce_b2b | 1.3.4 | – |
| adobe | commerce_b2b | 1.3.4 | – |
| adobe | commerce_b2b | 1.3.4 | – |
| adobe | commerce_b2b | 1.3.4 | – |
| adobe | commerce_b2b | 1.3.4 | – |
| adobe | commerce_b2b | 1.3.4 | – |
| adobe | commerce_b2b | 1.3.5 | – |
| adobe | commerce_b2b | 1.3.5 | – |
| adobe | commerce_b2b | 1.3.5 | – |
| adobe | commerce_b2b | 1.3.5 | – |
| adobe | commerce_b2b | 1.3.5 | – |
| adobe | commerce_b2b | 1.3.5 | – |
| adobe | commerce_b2b | 1.3.5 | – |
| adobe | commerce_b2b | 1.3.5 | – |
| adobe | commerce_b2b | 1.3.5 | – |
| adobe | commerce_b2b | 1.3.5 | – |
| adobe | commerce_b2b | 1.3.5 | – |
| adobe | commerce_b2b | 1.3.5 | – |
| adobe | commerce_b2b | 1.3.5 | – |
| adobe | commerce_b2b | 1.3.5 | – |
| adobe | commerce_b2b | 1.4.2 | – |
| adobe | commerce_b2b | 1.4.2 | – |
| adobe | commerce_b2b | 1.4.2 | – |
| adobe | commerce_b2b | 1.4.2 | – |
| adobe | commerce_b2b | 1.4.2 | – |
| adobe | commerce_b2b | 1.4.2 | – |
| adobe | commerce_b2b | 1.4.2 | – |
| adobe | commerce_b2b | 1.4.2 | – |
| adobe | commerce_b2b | 1.4.2 | – |
| adobe | commerce_b2b | 1.5.2 | – |
| adobe | commerce_b2b | 1.5.2 | – |
| adobe | commerce_b2b | 1.5.2 | – |
| adobe | commerce_b2b | 1.5.2 | – |
| adobe | commerce_b2b | 1.5.3 | – |
| adobe | commerce_b2b | 1.5.3 | – |
| adobe | commerce_b2b | 1.5.3 | – |
| adobe | magento | 2.4.5 | – |
| adobe | magento | 2.4.5 | – |
| adobe | magento | 2.4.5 | – |
| adobe | magento | 2.4.5 | – |
| adobe | magento | 2.4.5 | – |
| adobe | magento | 2.4.5 | – |
| adobe | magento | 2.4.5 | – |
| adobe | magento | 2.4.5 | – |
| adobe | magento | 2.4.5 | – |
| adobe | magento | 2.4.5 | – |
| adobe | magento | 2.4.5 | – |
| adobe | magento | 2.4.5 | – |
| adobe | magento | 2.4.5 | – |
| adobe | magento | 2.4.5 | – |
| adobe | magento | 2.4.5 | – |
| adobe | magento | 2.4.5 | – |
| adobe | magento | 2.4.6 | – |
| adobe | magento | 2.4.6 | – |
| adobe | magento | 2.4.6 | – |
| adobe | magento | 2.4.6 | – |
| adobe | magento | 2.4.6 | – |
| adobe | magento | 2.4.6 | – |
| adobe | magento | 2.4.6 | – |
| adobe | magento | 2.4.6 | – |
| adobe | magento | 2.4.6 | – |
| adobe | magento | 2.4.6 | – |
| adobe | magento | 2.4.6 | – |
| adobe | magento | 2.4.6 | – |
| adobe | magento | 2.4.6 | – |
| adobe | magento | 2.4.6 | – |
| adobe | magento | 2.4.7 | – |
| adobe | magento | 2.4.7 | – |
| adobe | magento | 2.4.7 | – |
| adobe | magento | 2.4.7 | – |
| adobe | magento | 2.4.7 | – |
| adobe | magento | 2.4.7 | – |
| adobe | magento | 2.4.7 | – |
| adobe | magento | 2.4.7 | – |
| adobe | magento | 2.4.7 | – |
| adobe | magento | 2.4.7 | – |
| adobe | magento | 2.4.7 | – |
| adobe | magento | 2.4.7 | – |
| adobe | magento | 2.4.8 | – |
| adobe | magento | 2.4.8 | – |
| adobe | magento | 2.4.8 | – |
| adobe | magento | 2.4.8 | – |
| adobe | magento | 2.4.8 | – |
| adobe | magento | 2.4.8 | – |
| adobe | magento | 2.4.9 | – |
| adobe | commerce_b2b | <= 1.3.3 | – |
| adobe | commerce | <= 2.4.4 | – |
| adobe | magento | <= 2.4.5 | – |
Original title
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security featur...
Original description
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized view access of data. Exploitation of this issue does not require user interaction.
nvd CVSS3.1
7.5
Vulnerability type
CWE-863
Incorrect Authorization
Published: 11 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026