CVE-2026-34653
⚠️ highSummary
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in arbitrary file system read and write. An authenticated attacker with administrative privileges could exploit this vulnerability to read or write files outside the restricted directory. Exploitation of this issue does not require user interaction. Scope is changed.
CVSS Score
8.7
High
EPSS Score
0.0
Exploit Probability
Published Date
2026-05-12
First Seen: 2026-05-21
📊 Relative Risk Intelligence
This CVE is High Risk - more severe than 81.1% of all 330,193 vulnerabilities in our database.
#62,466
Top 25% most severe
Severity Percentile
🎯 CISA SSVC Assessment Updated: May 13, 2026
🔍 Exploitation Status
None
No known exploits
⚙️ Automatable
NO
Requires human interaction
💥 Technical Impact
Total
Complete system compromise possible
SSVC data provided by
CISA
Last Modified
2026-05-20
Source
NVD 🔗
CVSS Vector 3.1
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
CWE IDs (Weakness Types)