Back to overview

CVE-2026-47992

HIGH
7.2
CVSS 3.1
Description
Adobe Commerce is affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could exploit this vulnerability to execute malicious SQL commands, potentially gaining elevated access or control over the victim's account or session. Exploitation of this issue does not require user interaction.

Metadata

CVE ID
CVE-2026-47992
State
PUBLISHED
Assigner
adobe
Reserved
2026-05-20 15:50 UTC
Published
2026-07-14 19:44 UTC
Last updated
2026-07-14 19:44 UTC
Primary CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL C…
Vendor / Product
Adobe / Adobe Commerce
Sources
cve.org  ·  NVD

Severity & Metrics

7.2 HIGH CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected products (4)
VendorProductPlatformVersions
Adobe Adobe Commerce 0 ≤ 2.4.9, 2.4.8-p5, 2.4.7-p10, 2.4.6-p15, 2.4.5-p17, 2.4.4-p18, 2.4.9-2026-jul, 2.4.8-2026-jul, 2.4.7-2026-jul, 2.4.6-2026-jul, 2.4.5-2026-jul, 2.4.4-2026-jul
Adobe Adobe Commerce B2B 0 ≤ 1.5.3, 1.5.2-p5, 1.4.2-p10, 1.3.4-p17, 1.3.3-p18, 1.5.3-2026-jul, 1.5.2-2026-jul, 1.4.2-2026-jul, 1.3.4-2026-jul, 1.3.3-2026-jul
Adobe Adobe Commerce Webhooks Plugin 0 ≤ 1.20.0, 1.21.0
Adobe Magento Open Source 0 ≤ 2.4.9, 2.4.8-p5, 2.4.7-p10, 2.4.6-p15, 2.4.9-2026-jul, 2.4.8-2026-jul, 2.4.7-2026-jul, 2.4.6-2026-jul
Weakness (CWE)
CWESourceDescription
CWE-89 cna Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CWE-89)
CVSS scores (1)
ScoreSeverityVersionSourceVector
7.2 HIGH 3.1 cna CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Back to overview