High severity8.7NVD Advisory· Published May 12, 2026· Updated May 20, 2026
CVE-2026-34653
CVE-2026-34653
Description
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in arbitrary file system read and write. An authenticated attacker with administrative privileges could exploit this vulnerability to read or write files outside the restricted directory. Exploitation of this issue does not require user interaction. Scope is changed.
Affected products
1- Range: <=2.4.4-p17, 2.4.5-p16, 2.4.6-p14, 2.4.7-p9, 2.4.8-p4, 2.4.9-beta1
Patches
Vulnerability mechanics
References
1- helpx.adobe.com/security/products/magento/apsb26-49.htmlnvdVendor Advisory
News mentions
0No linked articles in our index yet.