cvelistv5 - cve-2026-21282

CVE-2026-21282 (GCVE-0-2026-21282)

Vulnerability from cvelistv5

Published

2026-03-11 02:19

Modified

2026-03-11 13:34

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE

CWE-20 - Improper Input Validation ()

Summary

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Improper Input Validation vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability by providing specially crafted input, causing limited impact to application availability. Exploitation of this issue does not require user interaction.

References

URL

Tags

https://helpx.adobe.com/security/products/magento/apsb26-05.html

vendor-advisory

Impacted products

	Vendor	Product	Version
	Adobe	Adobe Commerce	Version: 0 ≤ 2.4.4-p16

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-21282",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-11T13:34:08.935869Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-11T13:34:17.821Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Adobe Commerce",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "2.4.4-p16",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2026-03-09T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Improper Input Validation vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability by providing specially crafted input, causing limited impact to application availability. Exploitation of this issue does not require user interaction."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 5.3,
            "environmentalSeverity": "MEDIUM",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "NONE",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "NETWORK",
            "modifiedAvailabilityImpact": "LOW",
            "modifiedConfidentialityImpact": "NONE",
            "modifiedIntegrityImpact": "NONE",
            "modifiedPrivilegesRequired": "NONE",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "NONE",
            "privilegesRequired": "NONE",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 5.3,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "Improper Input Validation (CWE-20)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-11T02:19:23.167Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/magento/apsb26-05.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Adobe Commerce | Improper Input Validation (CWE-20)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2026-21282",
    "datePublished": "2026-03-11T02:19:23.167Z",
    "dateReserved": "2025-12-12T22:01:18.188Z",
    "dateUpdated": "2026-03-11T13:34:17.821Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CERTFR-2026-AVI-0264

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Adobe. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Adobe	Acrobat	Acrobat 2024 versions antérieures à 24.001.30356 pour Windows et macOS
Adobe	Commerce	Commerce versions 2.4.8 antérieures à 4.2.8-p4
Adobe	Commerce	Commerce versions 2.4.6 antérieures à 4.2.6-p14
Adobe	Commerce	Commerce versions 2.4.9 antérieures à 4.2.9-beta1
Adobe	Commerce	Commerce versions 2.4.7 antérieures à 4.2.7-p9
Adobe	Commerce	Commerce versions 2.4.4 antérieures à 4.2.4-p17
Adobe	Magento	Magento Open Source versions 2.4.6 antérieures à 2.4.6-p14
Adobe	Magento	Magento Open Source versions 2.4.7 antérieures à 2.4.7-p9
Adobe	Magento	Magento Open Source versions 2.4.5 antérieures à 2.4.5-p16
Adobe	Commerce	Commerce B2B versions 1.5.3 antérieures à 1.5.3-beta1
Adobe	Commerce	Commerce B2B versions 1.3.5 antérieures à 1.3.5-p14
Adobe	Acrobat Reader	Acrobat Reader DC versions antérieures à 25.001.21288 pour Windows et macOS
Adobe	Magento	Magento Open Source versions 2.4.9 antérieures à 2.4.9-beta1
Adobe	Commerce	Commerce B2B versions 1.5.2 antérieures à 1.5.2-p4
Adobe	Commerce	Commerce B2B versions 1.3.3 antérieures à 1.3.3-p17
Adobe	Acrobat	Acrobat DC versions antérieures à 25.001.21288 pour Windows et macOS
Adobe	Commerce	Commerce versions 2.4.5 antérieures à 4.2.5-p16
Adobe	Magento	Magento Open Source versions 2.4.8 antérieures à 2.4.8-p4
Adobe	Commerce	Commerce B2B versions 1.4.2 antérieures à 1.4.2-p9
Adobe	Commerce	Commerce B2B versions 1.3.4 antérieures à 1.3.4-p16

References

Title

Publication Time

Tags

Bulletin de sécurité Adobe APSB26-05	2026-03-10	vendor-advisory
Bulletin de sécurité Adobe APSB26-26	2026-03-10	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Acrobat 2024 versions ant\u00e9rieures \u00e0 24.001.30356 pour Windows et macOS",
      "product": {
        "name": "Acrobat",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": " Commerce versions 2.4.8 ant\u00e9rieures \u00e0 4.2.8-p4",
      "product": {
        "name": "Commerce",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": " Commerce versions 2.4.6 ant\u00e9rieures \u00e0 4.2.6-p14",
      "product": {
        "name": "Commerce",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": " Commerce versions 2.4.9 ant\u00e9rieures \u00e0 4.2.9-beta1",
      "product": {
        "name": "Commerce",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": " Commerce versions 2.4.7 ant\u00e9rieures \u00e0 4.2.7-p9",
      "product": {
        "name": "Commerce",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": " Commerce versions 2.4.4 ant\u00e9rieures \u00e0 4.2.4-p17",
      "product": {
        "name": "Commerce",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Magento Open Source versions 2.4.6 ant\u00e9rieures \u00e0 2.4.6-p14",
      "product": {
        "name": "Magento",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Magento Open Source versions 2.4.7 ant\u00e9rieures \u00e0 2.4.7-p9",
      "product": {
        "name": "Magento",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Magento Open Source versions 2.4.5 ant\u00e9rieures \u00e0 2.4.5-p16",
      "product": {
        "name": "Magento",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Commerce B2B versions 1.5.3 ant\u00e9rieures \u00e0 1.5.3-beta1",
      "product": {
        "name": "Commerce",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Commerce B2B versions 1.3.5 ant\u00e9rieures \u00e0 1.3.5-p14",
      "product": {
        "name": "Commerce",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Acrobat Reader DC versions ant\u00e9rieures \u00e0 25.001.21288 pour Windows et macOS",
      "product": {
        "name": "Acrobat Reader",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Magento Open Source versions 2.4.9 ant\u00e9rieures \u00e0 2.4.9-beta1",
      "product": {
        "name": "Magento",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Commerce B2B versions 1.5.2 ant\u00e9rieures \u00e0 1.5.2-p4",
      "product": {
        "name": "Commerce",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Commerce B2B versions 1.3.3 ant\u00e9rieures \u00e0 1.3.3-p17",
      "product": {
        "name": "Commerce",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Acrobat DC versions ant\u00e9rieures \u00e0 25.001.21288 pour Windows et macOS",
      "product": {
        "name": "Acrobat",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": " Commerce versions 2.4.5 ant\u00e9rieures \u00e0 4.2.5-p16",
      "product": {
        "name": "Commerce",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Magento Open Source versions 2.4.8 ant\u00e9rieures \u00e0 2.4.8-p4",
      "product": {
        "name": "Magento",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Commerce B2B versions 1.4.2 ant\u00e9rieures \u00e0 1.4.2-p9",
      "product": {
        "name": "Commerce",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Commerce B2B versions 1.3.4 ant\u00e9rieures \u00e0 1.3.4-p16",
      "product": {
        "name": "Commerce",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2026-27220",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-27220"
    },
    {
      "name": "CVE-2026-27221",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-27221"
    },
    {
      "name": "CVE-2026-21295",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21295"
    },
    {
      "name": "CVE-2026-21360",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21360"
    },
    {
      "name": "CVE-2026-27278",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-27278"
    },
    {
      "name": "CVE-2026-21291",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21291"
    },
    {
      "name": "CVE-2026-21311",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21311"
    },
    {
      "name": "CVE-2026-21293",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21293"
    },
    {
      "name": "CVE-2026-21292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21292"
    },
    {
      "name": "CVE-2026-21359",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21359"
    },
    {
      "name": "CVE-2026-21361",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21361"
    },
    {
      "name": "CVE-2026-21285",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21285"
    },
    {
      "name": "CVE-2026-21310",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21310"
    },
    {
      "name": "CVE-2026-21294",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21294"
    },
    {
      "name": "CVE-2026-21286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21286"
    },
    {
      "name": "CVE-2026-21284",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21284"
    },
    {
      "name": "CVE-2026-21289",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21289"
    },
    {
      "name": "CVE-2026-21282",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21282"
    },
    {
      "name": "CVE-2026-21297",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21297"
    },
    {
      "name": "CVE-2026-21296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21296"
    },
    {
      "name": "CVE-2026-21309",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21309"
    },
    {
      "name": "CVE-2026-21290",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21290"
    }
  ],
  "initial_release_date": "2026-03-11T00:00:00",
  "last_revision_date": "2026-03-11T00:00:00",
  "links": [],
  "reference": "CERTFR-2026-AVI-0264",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2026-03-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Adobe. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Adobe",
  "vendor_advisories": [
    {
      "published_at": "2026-03-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB26-05",
      "url": "https://helpx.adobe.com/security/products/magento/apsb26-05.html"
    },
    {
      "published_at": "2026-03-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB26-26",
      "url": "https://helpx.adobe.com/security/products/acrobat/apsb26-26.html"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2026-21282 (GCVE-0-2026-21282)

Vulnerability from cvelistv5

CERTFR-2026-AVI-0264

Vulnerability from certfr_avis

Solutions

Tags

Sightings

Nomenclature