CVE-2026-21282

MEDIUM

Adobe Commerce <=2.4.9-alpha3 - DoS

Title source: llm

Description

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Improper Input Validation vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability by providing specially crafted input, causing limited impact to application availability. Exploitation of this issue does not require user interaction.

References (1)

Scores

CVSS v3 5.3
EPSS 0.0028
EPSS Percentile 51.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Details

CWE
CWE-20
Status published
Products (4)
adobe/commerce 2.4.4 (17 CPE variants)
adobe/commerce 2.4.5 (16 CPE variants)
adobe/commerce 2.4.6 (14 CPE variants)
adobe/commerce 2.4.7 (3 CPE variants)
Published Mar 11, 2026
Tracked Since Mar 11, 2026