APSB26-49 - APSB26-49: Security update available for Adobe Commerce Security Update

📅

Bulletin Information

  • Bulletin ID: APSB26-49
  • Product: APSB26-49: Security update available for Adobe Commerce
  • Published: May 12, 2026
  • Priority: 2
  • Severity: Critical
  • CVE Count: 15

Affected Versions

  • Adobe Commerce: 2.4.9-beta12.4.8-p4 and earlier2.4.7-p9 and earlier2.4.6-p14 and earlier2.4.5-p16 and earlier2.4.4-p17 and earlier
  • Adobe Commerce B2B: 1.5.3-beta11.5.2-p4 and earlier1.4.2-p9 and earlier1.3.4-p16 and earlier1.3.3-p17 and earlier
  • Magento Open Source: 2.4.9-beta12.4.8-p4 and earlier2.4.7-p9 and earlier2.4.6-p14 and earlier

Vulnerability Details

Total Vulnerabilities: 15

Severity Breakdown:

  • important: 1
  • Moderate: 1
  • Important: 3
  • Critical: 10

Key Vulnerabilities:

1. CVE-2026-34645

  • Category: Incorrect Authorization (CWE-863)
  • Impact: Security feature bypass
  • Severity: Critical
  • CVSS Score: 7.5
  • Authentication Required: Yes

2. CVE-2026-34646

  • Category: Incorrect Authorization (CWE-863)
  • Impact: Security feature bypass
  • Severity: Critical
  • CVSS Score: 7.5
  • Authentication Required: Yes

3. CVE-2026-34647

  • Category: Server-Side Request Forgery (SSRF) (CWE-918)
  • Impact: Security feature bypass
  • Severity: Critical
  • CVSS Score: 7.4
  • Authentication Required: Yes

…and 12 more vulnerabilities

CVE Identifiers

CVE-2026-34654, CVE-2026-34648, CVE-2026-34686, CVE-2026-34650, CVE-2026-34656, CVE-2026-34646, CVE-2026-34658, CVE-2026-34685, CVE-2026-34649, CVE-2026-34655, CVE-2026-34647, CVE-2026-34645, CVE-2026-34653, CVE-2026-34652, CVE-2026-34651

Read Full Bulletin on Adobe Security Portal →

Previous Next Home