Back to overview

CVE-2026-47998

MEDIUM
5.9
CVSS 3.1
Description
Adobe Commerce is affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue does not require user interaction.

Metadata

CVE ID
CVE-2026-47998
State
PUBLISHED
Assigner
adobe
Reserved
2026-05-20 15:50 UTC
Published
2026-07-14 19:44 UTC
Last updated
2026-07-14 19:44 UTC
Primary CWE
CWE-863
Incorrect Authorization (CWE-863)
Vendor / Product
Adobe / Adobe Commerce
Sources
cve.org  ·  NVD

Severity & Metrics

5.9 MEDIUM CVSS 3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected products (4)
VendorProductPlatformVersions
Adobe Adobe Commerce 0 ≤ 2.4.9, 2.4.8-p5, 2.4.7-p10, 2.4.6-p15, 2.4.5-p17, 2.4.4-p18, 2.4.9-2026-jul, 2.4.8-2026-jul, 2.4.7-2026-jul, 2.4.6-2026-jul, 2.4.5-2026-jul, 2.4.4-2026-jul
Adobe Adobe Commerce B2B 0 ≤ 1.5.3, 1.5.2-p5, 1.4.2-p10, 1.3.4-p17, 1.3.3-p18, 1.5.3-2026-jul, 1.5.2-2026-jul, 1.4.2-2026-jul, 1.3.4-2026-jul, 1.3.3-2026-jul
Adobe Adobe Commerce Webhooks Plugin 0 ≤ 1.20.0, 1.21.0
Adobe Magento Open Source 0 ≤ 2.4.9, 2.4.8-p5, 2.4.7-p10, 2.4.6-p15, 2.4.9-2026-jul, 2.4.8-2026-jul, 2.4.7-2026-jul, 2.4.6-2026-jul
Weakness (CWE)
CWESourceDescription
CWE-863 cna Incorrect Authorization (CWE-863)
CVSS scores (1)
ScoreSeverityVersionSourceVector
5.9 MEDIUM 3.1 cna CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Back to overview