CVEFinder.io

CVE-2026-34646

⚠️ high
🔍 Scan for this CVE
Summary

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue does not require user interaction.

CVSS Score
7.5
High
EPSS Score
0.1
Exploit Probability
Published Date
2026-05-12
First Seen: 2026-05-21
📊 Relative Risk Intelligence

This CVE is Moderate Risk - more severe than 68.9% of all 329,456 vulnerabilities in our database.

#102,448
Above average severity
Severity Percentile
🎯 CISA SSVC Assessment Updated: May 13, 2026
🔍 Exploitation Status
None
No known exploits
⚙️ Automatable
YES
Can be exploited automatically
💥 Technical Impact
Partial
Limited system impact
SSVC data provided by CISA
Last Modified 2026-05-20
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CWE IDs (Weakness Types)
CWE-863

📦 Affected Products 18

Vendor Product Status Affected Versions
adobe magento Affected
< 2.4.6
adobe magento Affected
v2.4.6
adobe magento Affected
v2.4.7
adobe magento Affected
v2.4.8
adobe magento Affected
v2.4.9
adobe commerce Affected
< 2.4.4
adobe commerce Affected
v2.4.4
adobe commerce Affected
v2.4.5
adobe commerce Affected
v2.4.6
adobe commerce Affected
v2.4.7
adobe commerce Affected
v2.4.8
adobe commerce Affected
v2.4.9
adobe commerce_b2b Affected
< 1.3.3
adobe commerce_b2b Affected
v1.3.3
adobe commerce_b2b Affected
v1.3.4
adobe commerce_b2b Affected
v1.4.2
adobe commerce_b2b Affected
v1.5.2
adobe commerce_b2b Affected
v1.5.3

🔗 References 1

https://helpx.adobe.com/security/products/magento/ap...
Vendor Advisory

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-34645 ⚠️ high 7.5 0.1 Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an ... 2026-05-12
CVE-2026-34647 ⚠️ high 7.4 0.1 Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a S... 2026-05-12
CVE-2026-34648 ⚠️ high 7.5 0.0 Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an ... 2026-05-12
CVE-2026-34649 ⚠️ high 7.5 0.1 Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an ... 2026-05-12
CVE-2026-34650 ⚠️ high 7.5 0.0 Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an ... 2026-05-12
CVE-2026-34651 ⚠️ high 7.5 0.1 Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an ... 2026-05-12
These CVEs affect the same products