Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.3
Adobe Commerce: Unvalidated User Input Can Bypass Security Features
CVE-2026-21310
Summary
Adobe Commerce versions 2.4.9-alpha3 and earlier have a security flaw that allows an attacker to bypass security features without needing user interaction. This could potentially impact the integrity of your store. Update to the latest version to fix this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| adobe | commerce | <= 2.4.4 | – |
| adobe | commerce | 2.4.4 | – |
| adobe | commerce | 2.4.4 | – |
| adobe | commerce | 2.4.4 | – |
| adobe | commerce | 2.4.4 | – |
| adobe | commerce | 2.4.4 | – |
| adobe | commerce | 2.4.4 | – |
| adobe | commerce | 2.4.4 | – |
| adobe | commerce | 2.4.4 | – |
| adobe | commerce | 2.4.4 | – |
| adobe | commerce | 2.4.4 | – |
| adobe | commerce | 2.4.4 | – |
| adobe | commerce | 2.4.4 | – |
| adobe | commerce | 2.4.4 | – |
| adobe | commerce | 2.4.4 | – |
| adobe | commerce | 2.4.4 | – |
| adobe | commerce | 2.4.4 | – |
| adobe | commerce | 2.4.4 | – |
| adobe | commerce | 2.4.5 | – |
| adobe | commerce | 2.4.5 | – |
| adobe | commerce | 2.4.5 | – |
| adobe | commerce | 2.4.5 | – |
| adobe | commerce | 2.4.5 | – |
| adobe | commerce | 2.4.5 | – |
| adobe | commerce | 2.4.5 | – |
| adobe | commerce | 2.4.5 | – |
| adobe | commerce | 2.4.5 | – |
| adobe | commerce | 2.4.5 | – |
| adobe | commerce | 2.4.5 | – |
| adobe | commerce | 2.4.5 | – |
| adobe | commerce | 2.4.5 | – |
| adobe | commerce | 2.4.5 | – |
| adobe | commerce | 2.4.5 | – |
| adobe | commerce | 2.4.5 | – |
| adobe | commerce | 2.4.6 | – |
| adobe | commerce | 2.4.6 | – |
| adobe | commerce | 2.4.6 | – |
| adobe | commerce | 2.4.6 | – |
| adobe | commerce | 2.4.6 | – |
| adobe | commerce | 2.4.6 | – |
| adobe | commerce | 2.4.6 | – |
| adobe | commerce | 2.4.6 | – |
| adobe | commerce | 2.4.6 | – |
| adobe | commerce | 2.4.6 | – |
| adobe | commerce | 2.4.6 | – |
| adobe | commerce | 2.4.6 | – |
| adobe | commerce | 2.4.6 | – |
| adobe | commerce | 2.4.6 | – |
| adobe | commerce | 2.4.7 | – |
| adobe | commerce | 2.4.7 | – |
| adobe | commerce | 2.4.7 | – |
| adobe | commerce | 2.4.7 | – |
| adobe | commerce | 2.4.7 | – |
| adobe | commerce | 2.4.7 | – |
| adobe | commerce | 2.4.7 | – |
| adobe | commerce | 2.4.7 | – |
| adobe | commerce | 2.4.7 | – |
| adobe | commerce | 2.4.7 | – |
| adobe | commerce | 2.4.7 | – |
| adobe | commerce | 2.4.7 | – |
| adobe | commerce | 2.4.8 | – |
| adobe | commerce | 2.4.8 | – |
| adobe | commerce | 2.4.8 | – |
| adobe | commerce | 2.4.8 | – |
| adobe | commerce | 2.4.8 | – |
| adobe | commerce | 2.4.8 | – |
| adobe | commerce | 2.4.9 | – |
| adobe | commerce | 2.4.9 | – |
| adobe | commerce | 2.4.9 | – |
| adobe | commerce_b2b | <= 1.3.3 | – |
| adobe | commerce_b2b | 1.3.3 | – |
| adobe | commerce_b2b | 1.3.3 | – |
| adobe | commerce_b2b | 1.3.3 | – |
| adobe | commerce_b2b | 1.3.3 | – |
| adobe | commerce_b2b | 1.3.3 | – |
| adobe | commerce_b2b | 1.3.3 | – |
| adobe | commerce_b2b | 1.3.3 | – |
| adobe | commerce_b2b | 1.3.3 | – |
| adobe | commerce_b2b | 1.3.3 | – |
| adobe | commerce_b2b | 1.3.3 | – |
| adobe | commerce_b2b | 1.3.3 | – |
| adobe | commerce_b2b | 1.3.3 | – |
| adobe | commerce_b2b | 1.3.3 | – |
| adobe | commerce_b2b | 1.3.3 | – |
| adobe | commerce_b2b | 1.3.3 | – |
| adobe | commerce_b2b | 1.3.3 | – |
| adobe | commerce_b2b | 1.3.3 | – |
| adobe | commerce_b2b | 1.3.4 | – |
| adobe | commerce_b2b | 1.3.4 | – |
| adobe | commerce_b2b | 1.3.4 | – |
| adobe | commerce_b2b | 1.3.4 | – |
| adobe | commerce_b2b | 1.3.4 | – |
| adobe | commerce_b2b | 1.3.4 | – |
| adobe | commerce_b2b | 1.3.4 | – |
| adobe | commerce_b2b | 1.3.4 | – |
| adobe | commerce_b2b | 1.3.4 | – |
| adobe | commerce_b2b | 1.3.4 | – |
| adobe | commerce_b2b | 1.3.4 | – |
| adobe | commerce_b2b | 1.3.4 | – |
| adobe | commerce_b2b | 1.3.4 | – |
| adobe | commerce_b2b | 1.3.4 | – |
| adobe | commerce_b2b | 1.3.4 | – |
| adobe | commerce_b2b | 1.3.4 | – |
| adobe | commerce_b2b | 1.3.5 | – |
| adobe | commerce_b2b | 1.3.5 | – |
| adobe | commerce_b2b | 1.3.5 | – |
| adobe | commerce_b2b | 1.3.5 | – |
| adobe | commerce_b2b | 1.3.5 | – |
| adobe | commerce_b2b | 1.3.5 | – |
| adobe | commerce_b2b | 1.3.5 | – |
| adobe | commerce_b2b | 1.3.5 | – |
| adobe | commerce_b2b | 1.3.5 | – |
| adobe | commerce_b2b | 1.3.5 | – |
| adobe | commerce_b2b | 1.3.5 | – |
| adobe | commerce_b2b | 1.3.5 | – |
| adobe | commerce_b2b | 1.3.5 | – |
| adobe | commerce_b2b | 1.3.5 | – |
| adobe | commerce_b2b | 1.4.2 | – |
| adobe | commerce_b2b | 1.4.2 | – |
| adobe | commerce_b2b | 1.4.2 | – |
| adobe | commerce_b2b | 1.4.2 | – |
| adobe | commerce_b2b | 1.4.2 | – |
| adobe | commerce_b2b | 1.4.2 | – |
| adobe | commerce_b2b | 1.4.2 | – |
| adobe | commerce_b2b | 1.4.2 | – |
| adobe | commerce_b2b | 1.4.2 | – |
| adobe | commerce_b2b | 1.5.2 | – |
| adobe | commerce_b2b | 1.5.2 | – |
| adobe | commerce_b2b | 1.5.2 | – |
| adobe | commerce_b2b | 1.5.2 | – |
| adobe | commerce_b2b | 1.5.3 | – |
| adobe | commerce_b2b | 1.5.3 | – |
| adobe | commerce_b2b | 1.5.3 | – |
| adobe | magento | <= 2.4.5 | – |
| adobe | magento | 2.4.5 | – |
| adobe | magento | 2.4.5 | – |
| adobe | magento | 2.4.5 | – |
| adobe | magento | 2.4.5 | – |
| adobe | magento | 2.4.5 | – |
| adobe | magento | 2.4.5 | – |
| adobe | magento | 2.4.5 | – |
| adobe | magento | 2.4.5 | – |
| adobe | magento | 2.4.5 | – |
| adobe | magento | 2.4.5 | – |
| adobe | magento | 2.4.5 | – |
| adobe | magento | 2.4.5 | – |
| adobe | magento | 2.4.5 | – |
| adobe | magento | 2.4.5 | – |
| adobe | magento | 2.4.5 | – |
| adobe | magento | 2.4.5 | – |
| adobe | magento | 2.4.6 | – |
| adobe | magento | 2.4.6 | – |
| adobe | magento | 2.4.6 | – |
| adobe | magento | 2.4.6 | – |
| adobe | magento | 2.4.6 | – |
| adobe | magento | 2.4.6 | – |
| adobe | magento | 2.4.6 | – |
| adobe | magento | 2.4.6 | – |
| adobe | magento | 2.4.6 | – |
| adobe | magento | 2.4.6 | – |
| adobe | magento | 2.4.6 | – |
| adobe | magento | 2.4.6 | – |
| adobe | magento | 2.4.6 | – |
| adobe | magento | 2.4.6 | – |
| adobe | magento | 2.4.7 | – |
| adobe | magento | 2.4.7 | – |
| adobe | magento | 2.4.7 | – |
| adobe | magento | 2.4.7 | – |
| adobe | magento | 2.4.7 | – |
| adobe | magento | 2.4.7 | – |
| adobe | magento | 2.4.7 | – |
| adobe | magento | 2.4.7 | – |
| adobe | magento | 2.4.7 | – |
| adobe | magento | 2.4.7 | – |
| adobe | magento | 2.4.7 | – |
| adobe | magento | 2.4.7 | – |
| adobe | magento | 2.4.8 | – |
| adobe | magento | 2.4.8 | – |
| adobe | magento | 2.4.8 | – |
| adobe | magento | 2.4.8 | – |
| adobe | magento | 2.4.8 | – |
| adobe | magento | 2.4.8 | – |
| adobe | magento | 2.4.9 | – |
Original title
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feat...
Original description
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass, with limited impact to integrity. Exploitation of this issue does not require user interaction.
nvd CVSS3.1
5.3
Vulnerability type
CWE-20
Improper Input Validation
Published: 11 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026