Back to overview

CVE-2026-48001

LOW
3.7
CVSS 3.1
Description
Adobe Commerce is affected by an Information Exposure vulnerability that could lead to a limited disclosure of sensitive information. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue does not require user interaction.

Metadata

CVE ID
CVE-2026-48001
State
PUBLISHED
Assigner
adobe
Reserved
2026-05-20 15:50 UTC
Published
2026-07-14 19:44 UTC
Last updated
2026-07-14 19:44 UTC
Primary CWE
CWE-200
Information Exposure (CWE-200)
Vendor / Product
Adobe / Adobe Commerce
Sources
cve.org  ·  NVD

Severity & Metrics

3.7 LOW CVSS 3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected products (4)
VendorProductPlatformVersions
Adobe Adobe Commerce 0 ≤ 2.4.9, 2.4.8-p5, 2.4.7-p10, 2.4.6-p15, 2.4.5-p17, 2.4.4-p18, 2.4.9-2026-jul, 2.4.8-2026-jul, 2.4.7-2026-jul, 2.4.6-2026-jul, 2.4.5-2026-jul, 2.4.4-2026-jul
Adobe Adobe Commerce B2B 0 ≤ 1.5.3, 1.5.2-p5, 1.4.2-p10, 1.3.4-p17, 1.3.3-p18, 1.5.3-2026-jul, 1.5.2-2026-jul, 1.4.2-2026-jul, 1.3.4-2026-jul, 1.3.3-2026-jul
Adobe Adobe Commerce Webhooks Plugin 0 ≤ 1.20.0, 1.21.0
Adobe Magento Open Source 0 ≤ 2.4.9, 2.4.8-p5, 2.4.7-p10, 2.4.6-p15, 2.4.9-2026-jul, 2.4.8-2026-jul, 2.4.7-2026-jul, 2.4.6-2026-jul
Weakness (CWE)
CWESourceDescription
CWE-200 cna Information Exposure (CWE-200)
CVSS scores (1)
ScoreSeverityVersionSourceVector
3.7 LOW 3.1 cna CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Back to overview