CVE-2026-34645

HIGH WAF: Low

CVSS 7.5 Published: 2026-05-12

CWE-863

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue does not require user interaction.

WAF Coverage Analysis

Incorrect Authorization Low WAF Coverage

OWASP: A01:2021 Broken Access Control

Affected Software

Vendor	Product	Version
adobe	commerce	up to 2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4
adobe	commerce	2.4.4

References

helpx.adobe.com (Vendor Advisory)

Back to CVE Database