CVE-2026-21310
Received
Received - Intake
Improper Input Validation in Adobe Commerce Enables Security Bypass
Publication date: 2026-03-11
Last updated on: 2026-03-11
Assigner: Adobe Systems Incorporated
Description
Description
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass, with limited impact to integrity. Exploitation of this issue does not require user interaction.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| adobe | commerce | 2.4.4 |
| adobe | commerce | 2.4.5 |
| adobe | commerce | 2.4.4 |
| adobe | commerce | to 2.4.4 (exc) |
| adobe | commerce | 2.4.5 |
| adobe | commerce | 2.4.4 |
| adobe | commerce | 2.4.5 |
| adobe | commerce | 2.4.4 |
| adobe | commerce | 2.4.6 |
| adobe | commerce | 2.4.4 |
| adobe | commerce | 2.4.5 |
| adobe | commerce | 2.4.6 |
| adobe | commerce | 2.4.5 |
| adobe | commerce | 2.4.4 |
| adobe | commerce | 2.4.7 |
| adobe | commerce | 2.4.5 |
| adobe | commerce | 2.4.6 |
| adobe | commerce | 2.4.6 |
| adobe | commerce | 2.4.4 |
| adobe | commerce | 2.4.4 |
| adobe | commerce | 2.4.4 |
| adobe | commerce | 2.4.4 |
| adobe | commerce | 2.4.7 |
| adobe | commerce | 2.4.7 |
| adobe | commerce | 2.4.7 |
| adobe | commerce | 2.4.6 |
| adobe | commerce | 2.4.6 |
| adobe | commerce | 2.4.6 |
| adobe | commerce | 2.4.5 |
| adobe | commerce | 2.4.5 |
| adobe | commerce | 2.4.5 |
| adobe | commerce | 2.4.7 |
| adobe | commerce | 2.4.4 |
| adobe | commerce | 2.4.5 |
| adobe | commerce | 2.4.6 |
| adobe | commerce | 2.4.7 |
| adobe | commerce | 2.4.4 |
| adobe | commerce | 2.4.8 |
| adobe | commerce | 2.4.7 |
| adobe | commerce | 2.4.6 |
| adobe | commerce | 2.4.5 |
| adobe | commerce | 2.4.4 |
| adobe | commerce | 2.4.5 |
| adobe | commerce | 2.4.6 |
| adobe | commerce | 2.4.7 |
| adobe | commerce | 2.4.8 |
| adobe | commerce | 2.4.7 |
| adobe | commerce | 2.4.8 |
| adobe | commerce | 2.4.4 |
| adobe | commerce | 2.4.5 |
| adobe | commerce | 2.4.6 |
| adobe | commerce | 2.4.4 |
| adobe | commerce | 2.4.5 |
| adobe | commerce | 2.4.6 |
| adobe | commerce | 2.4.7 |
| adobe | commerce | 2.4.8 |
| adobe | commerce | 2.4.9 |
| adobe | commerce | 2.4.4 |
| adobe | commerce | 2.4.5 |
| adobe | commerce | 2.4.6 |
| adobe | commerce | 2.4.7 |
| adobe | commerce | 2.4.8 |
| adobe | commerce | 2.4.9 |
| adobe | commerce | 2.4.4 |
| adobe | commerce | 2.4.5 |
| adobe | commerce | 2.4.6 |
| adobe | commerce | 2.4.7 |
| adobe | commerce | 2.4.8 |
| adobe | commerce | 2.4.9 |
| adobe | commerce_b2b | 1.4.2 |
| adobe | commerce_b2b | 1.4.2 |
| adobe | commerce_b2b | 1.4.2 |
| adobe | commerce_b2b | 1.3.5 |
| adobe | commerce_b2b | 1.3.4 |
| adobe | commerce_b2b | 1.3.4 |
| adobe | commerce_b2b | 1.3.5 |
| adobe | commerce_b2b | 1.3.3 |
| adobe | commerce_b2b | 1.3.3 |
| adobe | commerce_b2b | 1.4.2 |
| adobe | commerce_b2b | 1.3.5 |
| adobe | commerce_b2b | 1.3.4 |
| adobe | commerce_b2b | 1.3.3 |
| adobe | commerce_b2b | to 1.3.3 (exc) |
| adobe | commerce_b2b | 1.3.3 |
| adobe | commerce_b2b | 1.3.3 |
| adobe | commerce_b2b | 1.3.3 |
| adobe | commerce_b2b | 1.3.3 |
| adobe | commerce_b2b | 1.3.3 |
| adobe | commerce_b2b | 1.3.3 |
| adobe | commerce_b2b | 1.3.3 |
| adobe | commerce_b2b | 1.3.3 |
| adobe | commerce_b2b | 1.3.3 |
| adobe | commerce_b2b | 1.3.3 |
| adobe | commerce_b2b | 1.3.4 |
| adobe | commerce_b2b | 1.3.4 |
| adobe | commerce_b2b | 1.3.4 |
| adobe | commerce_b2b | 1.3.4 |
| adobe | commerce_b2b | 1.3.4 |
| adobe | commerce_b2b | 1.3.4 |
| adobe | commerce_b2b | 1.3.4 |
| adobe | commerce_b2b | 1.3.4 |
| adobe | commerce_b2b | 1.3.4 |
| adobe | commerce_b2b | 1.3.5 |
| adobe | commerce_b2b | 1.4.2 |
| adobe | commerce_b2b | 1.3.3 |
| adobe | commerce_b2b | 1.3.4 |
| adobe | commerce_b2b | 1.3.5 |
| adobe | commerce_b2b | 1.4.2 |
| adobe | commerce_b2b | 1.5.2 |
| adobe | commerce_b2b | 1.3.5 |
| adobe | commerce_b2b | 1.3.5 |
| adobe | commerce_b2b | 1.3.5 |
| adobe | commerce_b2b | 1.3.5 |
| adobe | commerce_b2b | 1.3.5 |
| adobe | commerce_b2b | 1.3.5 |
| adobe | commerce_b2b | 1.3.3 |
| adobe | commerce_b2b | 1.3.4 |
| adobe | commerce_b2b | 1.3.5 |
| adobe | commerce_b2b | 1.4.2 |
| adobe | commerce_b2b | 1.5.2 |
| adobe | commerce_b2b | 1.5.3 |
| adobe | commerce_b2b | 1.3.3 |
| adobe | commerce_b2b | 1.3.4 |
| adobe | commerce_b2b | 1.4.2 |
| adobe | commerce_b2b | 1.5.2 |
| adobe | commerce_b2b | 1.5.3 |
| adobe | commerce_b2b | 1.3.5 |
| adobe | commerce_b2b | 1.3.3 |
| adobe | commerce_b2b | 1.3.4 |
| adobe | commerce_b2b | 1.3.5 |
| adobe | commerce_b2b | 1.4.2 |
| adobe | commerce_b2b | 1.5.2 |
| adobe | commerce_b2b | 1.5.3 |
| adobe | magento | 2.4.5 |
| adobe | magento | 2.4.5 |
| adobe | magento | 2.4.5 |
| adobe | magento | 2.4.6 |
| adobe | magento | 2.4.6 |
| adobe | magento | 2.4.6 |
| adobe | magento | 2.4.7 |
| adobe | magento | 2.4.5 |
| adobe | magento | 2.4.5 |
| adobe | magento | 2.4.6 |
| adobe | magento | 2.4.6 |
| adobe | magento | 2.4.5 |
| adobe | magento | 2.4.5 |
| adobe | magento | 2.4.5 |
| adobe | magento | 2.4.6 |
| adobe | magento | 2.4.7 |
| adobe | magento | 2.4.7 |
| adobe | magento | 2.4.7 |
| adobe | magento | 2.4.6 |
| adobe | magento | 2.4.5 |
| adobe | magento | 2.4.7 |
| adobe | magento | 2.4.5 |
| adobe | magento | 2.4.6 |
| adobe | magento | 2.4.7 |
| adobe | magento | 2.4.8 |
| adobe | magento | 2.4.7 |
| adobe | magento | 2.4.6 |
| adobe | magento | 2.4.5 |
| adobe | magento | 2.4.5 |
| adobe | magento | 2.4.6 |
| adobe | magento | 2.4.7 |
| adobe | magento | 2.4.8 |
| adobe | magento | 2.4.5 |
| adobe | magento | 2.4.6 |
| adobe | magento | 2.4.7 |
| adobe | magento | 2.4.8 |
| adobe | magento | to 2.4.5 (exc) |
| adobe | magento | 2.4.5 |
| adobe | magento | 2.4.6 |
| adobe | magento | 2.4.7 |
| adobe | magento | 2.4.8 |
| adobe | magento | 2.4.5 |
| adobe | magento | 2.4.6 |
| adobe | magento | 2.4.7 |
| adobe | magento | 2.4.8 |
| adobe | magento | 2.4.5 |
| adobe | magento | 2.4.6 |
| adobe | magento | 2.4.7 |
| adobe | magento | 2.4.8 |
| adobe | magento | 2.4.9 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
