Back to overview

CVE-2026-47988

HIGH
8.6
CVSS 3.1
Description
Adobe Commerce is affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read and write access. Exploitation of this issue does not require user interaction.

Metadata

CVE ID
CVE-2026-47988
State
PUBLISHED
Assigner
adobe
Reserved
2026-05-20 15:50 UTC
Published
2026-07-14 19:44 UTC
Last updated
2026-07-14 19:44 UTC
Primary CWE
CWE-863
Incorrect Authorization (CWE-863)
Vendor / Product
Adobe / Adobe Commerce
Sources
cve.org  ·  NVD

Severity & Metrics

8.6 HIGH CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
Affected products (4)
VendorProductPlatformVersions
Adobe Adobe Commerce 0 ≤ 2.4.9, 2.4.8-p5, 2.4.7-p10, 2.4.6-p15, 2.4.5-p17, 2.4.4-p18, 2.4.9-2026-jul, 2.4.8-2026-jul, 2.4.7-2026-jul, 2.4.6-2026-jul, 2.4.5-2026-jul, 2.4.4-2026-jul
Adobe Adobe Commerce B2B 0 ≤ 1.5.3, 1.5.2-p5, 1.4.2-p10, 1.3.4-p17, 1.3.3-p18, 1.5.3-2026-jul, 1.5.2-2026-jul, 1.4.2-2026-jul, 1.3.4-2026-jul, 1.3.3-2026-jul
Adobe Adobe Commerce Webhooks Plugin 0 ≤ 1.20.0, 1.21.0
Adobe Magento Open Source 0 ≤ 2.4.9, 2.4.8-p5, 2.4.7-p10, 2.4.6-p15, 2.4.9-2026-jul, 2.4.8-2026-jul, 2.4.7-2026-jul, 2.4.6-2026-jul
Weakness (CWE)
CWESourceDescription
CWE-863 cna Incorrect Authorization (CWE-863)
CVSS scores (1)
ScoreSeverityVersionSourceVector
8.6 HIGH 3.1 cna CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
Back to overview