CVE-2026-21360 - Vulnerability Details

- Adobe Commerce | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)

Description

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in a security feature bypass. A high-privileged attacker could leverage this vulnerability to access unauthorized files or directories outside the intended restricted path. Exploitation of this issue does not require user interaction.

Published: 2026-03-11

Score: 6.8 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

Adobe Commerce has an improper limitation of a pathname to a restricted directory (CWE-22). Key detail from the vendor description: a high‑privileged attacker could manipulate file paths to access or modify files outside the intended restricted directory. This flaw could expose sensitive configuration files, images, or even code. The impact is a breach of confidentiality and potential integrity compromise of the e‑commerce platform. No user interaction is required, meaning that once the attacker gains the necessary privilege level, the attack can be performed automatically.

Affected Systems

Affected products are Adobe Commerce (Magento Open Source) as identified in the CPE list. The CVE description lists the specific affected releases: 2.4.9‑alpha3, 2.4.8‑p3, 2.4.7‑p8, 2.4.6‑p13, 2.4.5‑p15, 2.4.4‑p16 and all earlier versions. Any installation of these releases is potentially vulnerable until the official patch is applied.

Risk and Exploitability

The base CVSS score is 6.8, indicating a medium‑high severity, while the EPSS score of less than 1% suggests a currently low exploitation probability. The vulnerability is not listed in CISA’s KEV catalog. Attackers need high‑privilege access to the system to exploit the flaw, but because the attack does not require user interaction, the threat is straightforward for anyone who has or can elevate to the required permissions. The primary risk to affected systems is unauthorized file disclosure or modification.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Adobe

Adobe Commerce

affected

Version	Status	Constraints
`0`	affected	≤ 2.4.4-p16

Configuration 1 [-]

OR	cpe:2.3:a:adobe:commerce::::::::
	cpe:2.3:a:adobe:commerce:2.4.4:-::::::
	cpe:2.3:a:adobe:commerce:2.4.4:p1::::::
	cpe:2.3:a:adobe:commerce:2.4.4:p10::::::
	cpe:2.3:a:adobe:commerce:2.4.4:p11::::::
	cpe:2.3:a:adobe:commerce:2.4.4:p12::::::
	cpe:2.3:a:adobe:commerce:2.4.4:p13::::::
	cpe:2.3:a:adobe:commerce:2.4.4:p14::::::
	cpe:2.3:a:adobe:commerce:2.4.4:p15::::::
	cpe:2.3:a:adobe:commerce:2.4.4:p16::::::
	cpe:2.3:a:adobe:commerce:2.4.4:p2::::::
	cpe:2.3:a:adobe:commerce:2.4.4:p3::::::
	cpe:2.3:a:adobe:commerce:2.4.4:p4::::::
	cpe:2.3:a:adobe:commerce:2.4.4:p5::::::
	cpe:2.3:a:adobe:commerce:2.4.4:p6::::::
	cpe:2.3:a:adobe:commerce:2.4.4:p7::::::
	cpe:2.3:a:adobe:commerce:2.4.4:p8::::::
	cpe:2.3:a:adobe:commerce:2.4.4:p9::::::
	cpe:2.3:a:adobe:commerce:2.4.5:-::::::
	cpe:2.3:a:adobe:commerce:2.4.5:p1::::::
	cpe:2.3:a:adobe:commerce:2.4.5:p10::::::
	cpe:2.3:a:adobe:commerce:2.4.5:p11::::::
	cpe:2.3:a:adobe:commerce:2.4.5:p12::::::
	cpe:2.3:a:adobe:commerce:2.4.5:p13::::::
	cpe:2.3:a:adobe:commerce:2.4.5:p14::::::
	cpe:2.3:a:adobe:commerce:2.4.5:p15::::::
	cpe:2.3:a:adobe:commerce:2.4.5:p2::::::
	cpe:2.3:a:adobe:commerce:2.4.5:p3::::::
	cpe:2.3:a:adobe:commerce:2.4.5:p4::::::
	cpe:2.3:a:adobe:commerce:2.4.5:p5::::::
	cpe:2.3:a:adobe:commerce:2.4.5:p6::::::
	cpe:2.3:a:adobe:commerce:2.4.5:p7::::::
	cpe:2.3:a:adobe:commerce:2.4.5:p8::::::
	cpe:2.3:a:adobe:commerce:2.4.5:p9::::::
	cpe:2.3:a:adobe:commerce:2.4.6:-::::::
	cpe:2.3:a:adobe:commerce:2.4.6:p1::::::
	cpe:2.3:a:adobe:commerce:2.4.6:p10::::::
	cpe:2.3:a:adobe:commerce:2.4.6:p11::::::
	cpe:2.3:a:adobe:commerce:2.4.6:p12::::::
	cpe:2.3:a:adobe:commerce:2.4.6:p13::::::
	cpe:2.3:a:adobe:commerce:2.4.6:p2::::::
	cpe:2.3:a:adobe:commerce:2.4.6:p3::::::
	cpe:2.3:a:adobe:commerce:2.4.6:p4::::::
	cpe:2.3:a:adobe:commerce:2.4.6:p5::::::
	cpe:2.3:a:adobe:commerce:2.4.6:p6::::::
	cpe:2.3:a:adobe:commerce:2.4.6:p7::::::
	cpe:2.3:a:adobe:commerce:2.4.6:p8::::::
	cpe:2.3:a:adobe:commerce:2.4.6:p9::::::
	cpe:2.3:a:adobe:commerce:2.4.7:-::::::
	cpe:2.3:a:adobe:commerce:2.4.7:b1::::::
	cpe:2.3:a:adobe:commerce:2.4.7:b2::::::
	cpe:2.3:a:adobe:commerce:2.4.7:beta3::::::
	cpe:2.3:a:adobe:commerce:2.4.7:p1::::::
	cpe:2.3:a:adobe:commerce:2.4.7:p2::::::
	cpe:2.3:a:adobe:commerce:2.4.7:p3::::::
	cpe:2.3:a:adobe:commerce:2.4.7:p4::::::
	cpe:2.3:a:adobe:commerce:2.4.7:p5::::::
	cpe:2.3:a:adobe:commerce:2.4.7:p6::::::
	cpe:2.3:a:adobe:commerce:2.4.7:p7::::::
	cpe:2.3:a:adobe:commerce:2.4.7:p8::::::
	cpe:2.3:a:adobe:commerce:2.4.8:-::::::
	cpe:2.3:a:adobe:commerce:2.4.8:beta1::::::
	cpe:2.3:a:adobe:commerce:2.4.8:beta2::::::
	cpe:2.3:a:adobe:commerce:2.4.8:p1::::::
cpe:2.3:a:adobe:commerce:2.4.8:p2::::::
cpe:2.3:a:adobe:commerce:2.4.8:p3::::::
cpe:2.3:a:adobe:commerce:2.4.9:alpha1::::::
cpe:2.3:a:adobe:commerce:2.4.9:alpha2::::::
cpe:2.3:a:adobe:commerce:2.4.9:alpha3::::::

Configuration 2 [-]

OR	cpe:2.3:a:adobe:commerce_b2b::::::::
	cpe:2.3:a:adobe:commerce_b2b:1.3.3:-::::::
	cpe:2.3:a:adobe:commerce_b2b:1.3.3:p1::::::
	cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10::::::
	cpe:2.3:a:adobe:commerce_b2b:1.3.3:p11::::::
	cpe:2.3:a:adobe:commerce_b2b:1.3.3:p12::::::
	cpe:2.3:a:adobe:commerce_b2b:1.3.3:p13::::::
	cpe:2.3:a:adobe:commerce_b2b:1.3.3:p14::::::
	cpe:2.3:a:adobe:commerce_b2b:1.3.3:p15::::::
	cpe:2.3:a:adobe:commerce_b2b:1.3.3:p16::::::
	cpe:2.3:a:adobe:commerce_b2b:1.3.3:p2::::::
	cpe:2.3:a:adobe:commerce_b2b:1.3.3:p3::::::
	cpe:2.3:a:adobe:commerce_b2b:1.3.3:p4::::::
	cpe:2.3:a:adobe:commerce_b2b:1.3.3:p5::::::
	cpe:2.3:a:adobe:commerce_b2b:1.3.3:p6::::::
	cpe:2.3:a:adobe:commerce_b2b:1.3.3:p7::::::
	cpe:2.3:a:adobe:commerce_b2b:1.3.3:p8::::::
	cpe:2.3:a:adobe:commerce_b2b:1.3.3:p9::::::
	cpe:2.3:a:adobe:commerce_b2b:1.3.4:-::::::
	cpe:2.3:a:adobe:commerce_b2b:1.3.4:p1::::::
	cpe:2.3:a:adobe:commerce_b2b:1.3.4:p10::::::
	cpe:2.3:a:adobe:commerce_b2b:1.3.4:p11::::::
	cpe:2.3:a:adobe:commerce_b2b:1.3.4:p12::::::
	cpe:2.3:a:adobe:commerce_b2b:1.3.4:p13::::::
	cpe:2.3:a:adobe:commerce_b2b:1.3.4:p14::::::
	cpe:2.3:a:adobe:commerce_b2b:1.3.4:p15::::::
	cpe:2.3:a:adobe:commerce_b2b:1.3.4:p2::::::
	cpe:2.3:a:adobe:commerce_b2b:1.3.4:p3::::::
	cpe:2.3:a:adobe:commerce_b2b:1.3.4:p4::::::
	cpe:2.3:a:adobe:commerce_b2b:1.3.4:p5::::::
	cpe:2.3:a:adobe:commerce_b2b:1.3.4:p6::::::
	cpe:2.3:a:adobe:commerce_b2b:1.3.4:p7::::::
	cpe:2.3:a:adobe:commerce_b2b:1.3.4:p8::::::
	cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9::::::
	cpe:2.3:a:adobe:commerce_b2b:1.3.5:-::::::
	cpe:2.3:a:adobe:commerce_b2b:1.3.5:p1::::::
	cpe:2.3:a:adobe:commerce_b2b:1.3.5:p10::::::
	cpe:2.3:a:adobe:commerce_b2b:1.3.5:p11::::::
	cpe:2.3:a:adobe:commerce_b2b:1.3.5:p12::::::
	cpe:2.3:a:adobe:commerce_b2b:1.3.5:p13::::::
	cpe:2.3:a:adobe:commerce_b2b:1.3.5:p2::::::
	cpe:2.3:a:adobe:commerce_b2b:1.3.5:p3::::::
	cpe:2.3:a:adobe:commerce_b2b:1.3.5:p4::::::
	cpe:2.3:a:adobe:commerce_b2b:1.3.5:p5::::::
	cpe:2.3:a:adobe:commerce_b2b:1.3.5:p6::::::
	cpe:2.3:a:adobe:commerce_b2b:1.3.5:p7::::::
	cpe:2.3:a:adobe:commerce_b2b:1.3.5:p8::::::
	cpe:2.3:a:adobe:commerce_b2b:1.3.5:p9::::::
	cpe:2.3:a:adobe:commerce_b2b:1.4.2:-::::::
	cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1::::::
	cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2::::::
	cpe:2.3:a:adobe:commerce_b2b:1.4.2:p3::::::
	cpe:2.3:a:adobe:commerce_b2b:1.4.2:p4::::::
	cpe:2.3:a:adobe:commerce_b2b:1.4.2:p5::::::
	cpe:2.3:a:adobe:commerce_b2b:1.4.2:p6::::::
	cpe:2.3:a:adobe:commerce_b2b:1.4.2:p7::::::
	cpe:2.3:a:adobe:commerce_b2b:1.4.2:p8::::::
	cpe:2.3:a:adobe:commerce_b2b:1.5.2:-::::::
	cpe:2.3:a:adobe:commerce_b2b:1.5.2:p1::::::
	cpe:2.3:a:adobe:commerce_b2b:1.5.2:p2::::::
	cpe:2.3:a:adobe:commerce_b2b:1.5.2:p3::::::
	cpe:2.3:a:adobe:commerce_b2b:1.5.3:alpha1::::::
	cpe:2.3:a:adobe:commerce_b2b:1.5.3:alpha2::::::
	cpe:2.3:a:adobe:commerce_b2b:1.5.3:alpha3::::::

Configuration 3 [-]

OR	cpe:2.3:a:adobe:magento:::::open_source:::*
	cpe:2.3:a:adobe:magento:2.4.5:-:::open_source:::*
	cpe:2.3:a:adobe:magento:2.4.5:p1:::open_source:::*
	cpe:2.3:a:adobe:magento:2.4.5:p10:::open_source:::*
	cpe:2.3:a:adobe:magento:2.4.5:p11:::open_source:::*
	cpe:2.3:a:adobe:magento:2.4.5:p12:::open_source:::*
	cpe:2.3:a:adobe:magento:2.4.5:p13:::open_source:::*
	cpe:2.3:a:adobe:magento:2.4.5:p14:::open_source:::*
	cpe:2.3:a:adobe:magento:2.4.5:p15:::open_source:::*
	cpe:2.3:a:adobe:magento:2.4.5:p2:::open_source:::*
	cpe:2.3:a:adobe:magento:2.4.5:p3:::open_source:::*
	cpe:2.3:a:adobe:magento:2.4.5:p4:::open_source:::*
	cpe:2.3:a:adobe:magento:2.4.5:p5:::open_source:::*
	cpe:2.3:a:adobe:magento:2.4.5:p6:::open_source:::*
	cpe:2.3:a:adobe:magento:2.4.5:p7:::open_source:::*
	cpe:2.3:a:adobe:magento:2.4.5:p8:::open_source:::*
	cpe:2.3:a:adobe:magento:2.4.5:p9:::open_source:::*
	cpe:2.3:a:adobe:magento:2.4.6:-:::open_source:::*
	cpe:2.3:a:adobe:magento:2.4.6:p1:::open_source:::*
	cpe:2.3:a:adobe:magento:2.4.6:p10:::open_source:::*
	cpe:2.3:a:adobe:magento:2.4.6:p11:::open_source:::*
	cpe:2.3:a:adobe:magento:2.4.6:p12:::open_source:::*
	cpe:2.3:a:adobe:magento:2.4.6:p13:::open_source:::*
	cpe:2.3:a:adobe:magento:2.4.6:p2:::open_source:::*
	cpe:2.3:a:adobe:magento:2.4.6:p3:::open_source:::*
	cpe:2.3:a:adobe:magento:2.4.6:p4:::open_source:::*
	cpe:2.3:a:adobe:magento:2.4.6:p5:::open_source:::*
	cpe:2.3:a:adobe:magento:2.4.6:p6:::open_source:::*
	cpe:2.3:a:adobe:magento:2.4.6:p7:::open_source:::*
	cpe:2.3:a:adobe:magento:2.4.6:p8:::open_source:::*
	cpe:2.3:a:adobe:magento:2.4.6:p9:::open_source:::*
	cpe:2.3:a:adobe:magento:2.4.7:-:::open_source:::*
	cpe:2.3:a:adobe:magento:2.4.7:b1:::open_source:::*
	cpe:2.3:a:adobe:magento:2.4.7:b2:::open_source:::*
	cpe:2.3:a:adobe:magento:2.4.7:beta3:::open_source:::*
	cpe:2.3:a:adobe:magento:2.4.7:p1:::open_source:::*
	cpe:2.3:a:adobe:magento:2.4.7:p2:::open_source:::*
	cpe:2.3:a:adobe:magento:2.4.7:p3:::open_source:::*
	cpe:2.3:a:adobe:magento:2.4.7:p4:::open_source:::*
	cpe:2.3:a:adobe:magento:2.4.7:p5:::open_source:::*
	cpe:2.3:a:adobe:magento:2.4.7:p6:::open_source:::*
	cpe:2.3:a:adobe:magento:2.4.7:p7:::open_source:::*
	cpe:2.3:a:adobe:magento:2.4.7:p8:::open_source:::*
	cpe:2.3:a:adobe:magento:2.4.8:-:::open_source:::*
	cpe:2.3:a:adobe:magento:2.4.8:beta1:::open_source:::*
	cpe:2.3:a:adobe:magento:2.4.8:beta2:::open_source:::*
	cpe:2.3:a:adobe:magento:2.4.8:p1:::open_source:::*
	cpe:2.3:a:adobe:magento:2.4.8:p2:::open_source:::*
	cpe:2.3:a:adobe:magento:2.4.8:p3:::open_source:::*
	cpe:2.3:a:adobe:magento:2.4.9:alpha3:::open_source:::*

No data.

Vendor Product Confidence Versions

Adobe

Adobe Commerce

100%

Version	Status	Scheme	Platform
`[0,2.4.4-p16]`	affected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the latest Adobe Commerce security patch or upgrade to a non‑affected release (see Adobe’s security advisory at https://helpx.adobe.com/security/products/magento/apsb26-05.html).
As a temporary countermeasure, restrict web server access to critical directories using .htaccess or equivalent web‑server configuration to block path traversal attempts.

Generated by OpenCVE AI on March 17, 2026 at 16:07 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00226.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://helpx.adobe.com/security/products/magento/apsb26-05.html

History

Wed, 11 Mar 2026 18:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:a:adobe:commerce:::::::: cpe:2.3:a:adobe:commerce_b2b:::::::: cpe:2.3:a:adobe:magento:::::open_source:::*

Wed, 11 Mar 2026 17:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Adobe commerce Adobe commerce B2b Adobe magento
CPEs		cpe:2.3:a:adobe:commerce:2.4.4:-:::::: cpe:2.3:a:adobe:commerce:2.4.4:p10:::::: cpe:2.3:a:adobe:commerce:2.4.4:p11:::::: cpe:2.3:a:adobe:commerce:2.4.4:p12:::::: cpe:2.3:a:adobe:commerce:2.4.4:p13:::::: cpe:2.3:a:adobe:commerce:2.4.4:p14:::::: cpe:2.3:a:adobe:commerce:2.4.4:p15:::::: cpe:2.3:a:adobe:commerce:2.4.4:p16:::::: cpe:2.3:a:adobe:commerce:2.4.4:p1:::::: cpe:2.3:a:adobe:commerce:2.4.4:p2:::::: cpe:2.3:a:adobe:commerce:2.4.4:p3:::::: cpe:2.3:a:adobe:commerce:2.4.4:p4:::::: cpe:2.3:a:adobe:commerce:2.4.4:p5:::::: cpe:2.3:a:adobe:commerce:2.4.4:p6:::::: cpe:2.3:a:adobe:commerce:2.4.4:p7:::::: cpe:2.3:a:adobe:commerce:2.4.4:p8:::::: cpe:2.3:a:adobe:commerce:2.4.4:p9:::::: cpe:2.3:a:adobe:commerce:2.4.5:-:::::: cpe:2.3:a:adobe:commerce:2.4.5:p10:::::: cpe:2.3:a:adobe:commerce:2.4.5:p11:::::: cpe:2.3:a:adobe:commerce:2.4.5:p12:::::: cpe:2.3:a:adobe:commerce:2.4.5:p13:::::: cpe:2.3:a:adobe:commerce:2.4.5:p14:::::: cpe:2.3:a:adobe:commerce:2.4.5:p15:::::: cpe:2.3:a:adobe:commerce:2.4.5:p1:::::: cpe:2.3:a:adobe:commerce:2.4.5:p2:::::: cpe:2.3:a:adobe:commerce:2.4.5:p3:::::: cpe:2.3:a:adobe:commerce:2.4.5:p4:::::: cpe:2.3:a:adobe:commerce:2.4.5:p5:::::: cpe:2.3:a:adobe:commerce:2.4.5:p6:::::: cpe:2.3:a:adobe:commerce:2.4.5:p7:::::: cpe:2.3:a:adobe:commerce:2.4.5:p8:::::: cpe:2.3:a:adobe:commerce:2.4.5:p9:::::: cpe:2.3:a:adobe:commerce:2.4.6:-:::::: cpe:2.3:a:adobe:commerce:2.4.6:p10:::::: cpe:2.3:a:adobe:commerce:2.4.6:p11:::::: cpe:2.3:a:adobe:commerce:2.4.6:p12:::::: cpe:2.3:a:adobe:commerce:2.4.6:p13:::::: cpe:2.3:a:adobe:commerce:2.4.6:p1:::::: cpe:2.3:a:adobe:commerce:2.4.6:p2:::::: cpe:2.3:a:adobe:commerce:2.4.6:p3:::::: cpe:2.3:a:adobe:commerce:2.4.6:p4:::::: cpe:2.3:a:adobe:commerce:2.4.6:p5:::::: cpe:2.3:a:adobe:commerce:2.4.6:p6:::::: cpe:2.3:a:adobe:commerce:2.4.6:p7:::::: cpe:2.3:a:adobe:commerce:2.4.6:p8:::::: cpe:2.3:a:adobe:commerce:2.4.6:p9:::::: cpe:2.3:a:adobe:commerce:2.4.7:-:::::: cpe:2.3:a:adobe:commerce:2.4.7:b1:::::: cpe:2.3:a:adobe:commerce:2.4.7:b2:::::: cpe:2.3:a:adobe:commerce:2.4.7:beta3:::::: cpe:2.3:a:adobe:commerce:2.4.7:p1:::::: cpe:2.3:a:adobe:commerce:2.4.7:p2:::::: cpe:2.3:a:adobe:commerce:2.4.7:p3:::::: cpe:2.3:a:adobe:commerce:2.4.7:p4:::::: cpe:2.3:a:adobe:commerce:2.4.7:p5:::::: cpe:2.3:a:adobe:commerce:2.4.7:p6:::::: cpe:2.3:a:adobe:commerce:2.4.7:p7:::::: cpe:2.3:a:adobe:commerce:2.4.7:p8:::::: cpe:2.3:a:adobe:commerce:2.4.8:-:::::: cpe:2.3:a:adobe:commerce:2.4.8:beta1:::::: cpe:2.3:a:adobe:commerce:2.4.8:beta2:::::: cpe:2.3:a:adobe:commerce:2.4.8:p1:::::: cpe:2.3:a:adobe:commerce:2.4.8:p2:::::: cpe:2.3:a:adobe:commerce:2.4.8:p3:::::: cpe:2.3:a:adobe:commerce:2.4.9:alpha1:::::: cpe:2.3:a:adobe:commerce:2.4.9:alpha2:::::: cpe:2.3:a:adobe:commerce:2.4.9:alpha3:::::: cpe:2.3:a:adobe:commerce_b2b:1.3.3:-:::::: cpe:2.3:a:adobe:commerce_b2b:1.3.3:p10:::::: cpe:2.3:a:adobe:commerce_b2b:1.3.3:p11:::::: cpe:2.3:a:adobe:commerce_b2b:1.3.3:p12:::::: cpe:2.3:a:adobe:commerce_b2b:1.3.3:p13:::::: cpe:2.3:a:adobe:commerce_b2b:1.3.3:p14:::::: cpe:2.3:a:adobe:commerce_b2b:1.3.3:p15:::::: cpe:2.3:a:adobe:commerce_b2b:1.3.3:p16:::::: cpe:2.3:a:adobe:commerce_b2b:1.3.3:p1:::::: cpe:2.3:a:adobe:commerce_b2b:1.3.3:p2:::::: cpe:2.3:a:adobe:commerce_b2b:1.3.3:p3:::::: cpe:2.3:a:adobe:commerce_b2b:1.3.3:p4:::::: cpe:2.3:a:adobe:commerce_b2b:1.3.3:p5:::::: cpe:2.3:a:adobe:commerce_b2b:1.3.3:p6:::::: cpe:2.3:a:adobe:commerce_b2b:1.3.3:p7:::::: cpe:2.3:a:adobe:commerce_b2b:1.3.3:p8:::::: cpe:2.3:a:adobe:commerce_b2b:1.3.3:p9:::::: cpe:2.3:a:adobe:commerce_b2b:1.3.4:-:::::: cpe:2.3:a:adobe:commerce_b2b:1.3.4:p10:::::: cpe:2.3:a:adobe:commerce_b2b:1.3.4:p11:::::: cpe:2.3:a:adobe:commerce_b2b:1.3.4:p12:::::: cpe:2.3:a:adobe:commerce_b2b:1.3.4:p13:::::: cpe:2.3:a:adobe:commerce_b2b:1.3.4:p14:::::: cpe:2.3:a:adobe:commerce_b2b:1.3.4:p15:::::: cpe:2.3:a:adobe:commerce_b2b:1.3.4:p1:::::: cpe:2.3:a:adobe:commerce_b2b:1.3.4:p2:::::: cpe:2.3:a:adobe:commerce_b2b:1.3.4:p3:::::: cpe:2.3:a:adobe:commerce_b2b:1.3.4:p4:::::: cpe:2.3:a:adobe:commerce_b2b:1.3.4:p5:::::: cpe:2.3:a:adobe:commerce_b2b:1.3.4:p6:::::: cpe:2.3:a:adobe:commerce_b2b:1.3.4:p7:::::: cpe:2.3:a:adobe:commerce_b2b:1.3.4:p8:::::: cpe:2.3:a:adobe:commerce_b2b:1.3.4:p9:::::: cpe:2.3:a:adobe:commerce_b2b:1.3.5:-:::::: cpe:2.3:a:adobe:commerce_b2b:1.3.5:p10:::::: cpe:2.3:a:adobe:commerce_b2b:1.3.5:p11:::::: cpe:2.3:a:adobe:commerce_b2b:1.3.5:p12:::::: cpe:2.3:a:adobe:commerce_b2b:1.3.5:p13:::::: cpe:2.3:a:adobe:commerce_b2b:1.3.5:p1:::::: cpe:2.3:a:adobe:commerce_b2b:1.3.5:p2:::::: cpe:2.3:a:adobe:commerce_b2b:1.3.5:p3:::::: cpe:2.3:a:adobe:commerce_b2b:1.3.5:p4:::::: cpe:2.3:a:adobe:commerce_b2b:1.3.5:p5:::::: cpe:2.3:a:adobe:commerce_b2b:1.3.5:p6:::::: cpe:2.3:a:adobe:commerce_b2b:1.3.5:p7:::::: cpe:2.3:a:adobe:commerce_b2b:1.3.5:p8:::::: cpe:2.3:a:adobe:commerce_b2b:1.3.5:p9:::::: cpe:2.3:a:adobe:commerce_b2b:1.4.2:-:::::: cpe:2.3:a:adobe:commerce_b2b:1.4.2:p1:::::: cpe:2.3:a:adobe:commerce_b2b:1.4.2:p2:::::: cpe:2.3:a:adobe:commerce_b2b:1.4.2:p3:::::: cpe:2.3:a:adobe:commerce_b2b:1.4.2:p4:::::: cpe:2.3:a:adobe:commerce_b2b:1.4.2:p5:::::: cpe:2.3:a:adobe:commerce_b2b:1.4.2:p6:::::: cpe:2.3:a:adobe:commerce_b2b:1.4.2:p7:::::: cpe:2.3:a:adobe:commerce_b2b:1.4.2:p8:::::: cpe:2.3:a:adobe:commerce_b2b:1.5.2:-:::::: cpe:2.3:a:adobe:commerce_b2b:1.5.2:p1:::::: cpe:2.3:a:adobe:commerce_b2b:1.5.2:p2:::::: cpe:2.3:a:adobe:commerce_b2b:1.5.2:p3:::::: cpe:2.3:a:adobe:commerce_b2b:1.5.3:alpha1:::::: cpe:2.3:a:adobe:commerce_b2b:1.5.3:alpha2:::::: cpe:2.3:a:adobe:commerce_b2b:1.5.3:alpha3:::::: cpe:2.3:a:adobe:magento:2.4.5:-:::open_source:::* cpe:2.3:a:adobe:magento:2.4.5:p10:::open_source:::* cpe:2.3:a:adobe:magento:2.4.5:p11:::open_source:::* cpe:2.3:a:adobe:magento:2.4.5:p12:::open_source:::* cpe:2.3:a:adobe:magento:2.4.5:p13:::open_source:::* cpe:2.3:a:adobe:magento:2.4.5:p14:::open_source:::* cpe:2.3:a:adobe:magento:2.4.5:p15:::open_source:::* cpe:2.3:a:adobe:magento:2.4.5:p1:::open_source:::* cpe:2.3:a:adobe:magento:2.4.5:p2:::open_source:::* cpe:2.3:a:adobe:magento:2.4.5:p3:::open_source:::* cpe:2.3:a:adobe:magento:2.4.5:p4:::open_source:::* cpe:2.3:a:adobe:magento:2.4.5:p5:::open_source:::* cpe:2.3:a:adobe:magento:2.4.5:p6:::open_source:::* cpe:2.3:a:adobe:magento:2.4.5:p7:::open_source:::* cpe:2.3:a:adobe:magento:2.4.5:p8:::open_source:::* cpe:2.3:a:adobe:magento:2.4.5:p9:::open_source:::* cpe:2.3:a:adobe:magento:2.4.6:-:::open_source:::* cpe:2.3:a:adobe:magento:2.4.6:p10:::open_source:::* cpe:2.3:a:adobe:magento:2.4.6:p11:::open_source:::* cpe:2.3:a:adobe:magento:2.4.6:p12:::open_source:::* cpe:2.3:a:adobe:magento:2.4.6:p13:::open_source:::* cpe:2.3:a:adobe:magento:2.4.6:p1:::open_source:::* cpe:2.3:a:adobe:magento:2.4.6:p2:::open_source:::* cpe:2.3:a:adobe:magento:2.4.6:p3:::open_source:::* cpe:2.3:a:adobe:magento:2.4.6:p4:::open_source:::* cpe:2.3:a:adobe:magento:2.4.6:p5:::open_source:::* cpe:2.3:a:adobe:magento:2.4.6:p6:::open_source:::* cpe:2.3:a:adobe:magento:2.4.6:p7:::open_source:::* cpe:2.3:a:adobe:magento:2.4.6:p8:::open_source:::* cpe:2.3:a:adobe:magento:2.4.6:p9:::open_source:::* cpe:2.3:a:adobe:magento:2.4.7:-:::open_source:::* cpe:2.3:a:adobe:magento:2.4.7:b1:::open_source:::* cpe:2.3:a:adobe:magento:2.4.7:b2:::open_source:::* cpe:2.3:a:adobe:magento:2.4.7:beta3:::open_source:::* cpe:2.3:a:adobe:magento:2.4.7:p1:::open_source:::* cpe:2.3:a:adobe:magento:2.4.7:p2:::open_source:::* cpe:2.3:a:adobe:magento:2.4.7:p3:::open_source:::* cpe:2.3:a:adobe:magento:2.4.7:p4:::open_source:::* cpe:2.3:a:adobe:magento:2.4.7:p5:::open_source:::* cpe:2.3:a:adobe:magento:2.4.7:p6:::open_source:::* cpe:2.3:a:adobe:magento:2.4.7:p7:::open_source:::* cpe:2.3:a:adobe:magento:2.4.7:p8:::open_source:::* cpe:2.3:a:adobe:magento:2.4.8:-:::open_source:::* cpe:2.3:a:adobe:magento:2.4.8:beta1:::open_source:::* cpe:2.3:a:adobe:magento:2.4.8:beta2:::open_source:::* cpe:2.3:a:adobe:magento:2.4.8:p1:::open_source:::* cpe:2.3:a:adobe:magento:2.4.8:p2:::open_source:::* cpe:2.3:a:adobe:magento:2.4.8:p3:::open_source:::* cpe:2.3:a:adobe:magento:2.4.9:alpha3:::open_source:::*
Vendors & Products		Adobe commerce Adobe commerce B2b Adobe magento

Wed, 11 Mar 2026 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 11 Mar 2026 12:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Adobe Adobe adobe Commerce
Vendors & Products		Adobe Adobe adobe Commerce

Wed, 11 Mar 2026 03:15:00 +0000

Type	Values Removed	Values Added
Description		Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in a security feature bypass. A high-privileged attacker could leverage this vulnerability to access unauthorized files or directories outside the intended restricted path. Exploitation of this issue does not require user interaction.
Title		Adobe Commerce \| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
Weaknesses		CWE-22
References		https://helpx.adobe.com/security/products/magento/apsb26-05.html
Metrics		cvssV3_1 `{'score': 6.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N'}`

Subscriptions

Adobe Adobe Commerce Commerce Commerce B2b Magento

MITRE

Status: PUBLISHED

Assigner: adobe

Published: 2026-03-11T02:19:11.666Z

Updated: 2026-03-11T13:48:52.987Z

Reserved: 2025-12-12T22:01:18.206Z

Link: CVE-2026-21360

Vulnrichment

Updated: 2026-03-11T13:42:48.330Z

NVD

Status : Analyzed

Published: 2026-03-11T03:15:55.867

Modified: 2026-03-11T18:08:57.310

Link: CVE-2026-21360

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-20T14:38:18Z

Weaknesses

CWE-22

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object