APSB26-05 - APSB26-05: Security update available for Adobe Commerce Security Update
Bulletin Information
- Bulletin ID: APSB26-05
- Product: APSB26-05: Security update available for Adobe Commerce
- Published: March 10, 2026
- Priority: 2
- Severity: Critical
- CVE Count: 19
Affected Versions
- Adobe Commerce: 2.4.9-alpha3 and earlier2.4.8-p3 and earlier2.4.7-p8 and earlier2.4.6-p13 and earlier2.4.5-p15 and earlier2.4.4-p16 and earlier
- Adobe Commerce B2B: 1.5.3-alpha3 and earlier1.5.2-p3 and earlier1.4.2-p8 and earlier1.3.5-p13 and earlier1.3.4-p15 and earlier1.3.3-p16 and earlier
- Magento Open Source: 2.4.9-alpha32.4.8-p3 and earlier2.4.7-p8 and earlier2.4.6-p13 and earlier2.4.5-p15 and earlier
Vulnerability Details
Total Vulnerabilities: 19
Severity Breakdown:
- Moderate: 3
- Important: 10
- Critical: 6
Key Vulnerabilities:
1. CVE-2026-21361
- Category: Cross-site Scripting (Stored XSS) (CWE-79)
- Impact: Privilege escalation
- Severity: Critical
- CVSS Score: 8.1
- Authentication Required: Yes
2. CVE-2026-21284
- Category: Cross-site Scripting (Stored XSS) (CWE-79)
- Impact: Privilege escalation
- Severity: Critical
- CVSS Score: 8.1
- Authentication Required: Yes
3. CVE-2026-21289
- Category: Incorrect Authorization (CWE-863)
- Impact: Security feature bypass
- Severity: Critical
- CVSS Score: 7.5
- Authentication Required: Yes
…and 16 more vulnerabilities
CVE Identifiers
CVE-2026-21285, CVE-2026-21310, CVE-2026-21311, CVE-2026-21286, CVE-2026-21294, CVE-2026-21292, CVE-2026-21293, CVE-2026-21289, CVE-2026-21360, CVE-2026-21282, CVE-2026-21291, CVE-2026-21309, CVE-2026-21290, CVE-2026-21296, CVE-2026-21361, CVE-2026-21297, CVE-2026-21359, CVE-2026-21284, CVE-2026-21295