- 127/2026
- High
Adobe has released security updates to address multiple vulnerabilities affecting Adobe Commerce, Adobe Commerce B2B, and Magento open-source.
The addressed vulnerabilities could allow the attacker to bypass security restrictions, manipulate data, perform denial-of-service or cross-site scripting attacks, or execute arbitrary code and gain access to the affected systems.
Sample of the addressed vulnerabilities:
1. Adobe Commerce Path Traversal Vulnerability (CVE-2026-34653):
- CVSS: 8.7
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Consequences: Data Manipulation
2. Adobe Commerce Stored Cross-Site Scripting Vulnerability (CVE-2026- 34686):
- CVSS: 8.7
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: Required
- Consequences: Cross-Site Scripting
Vulnerabilities
- CVE-2026-34645
- CVE-2026-34646
- CVE-2026-34647
- CVE-2026-34648
- CVE-2026-34649
- CVE-2026-34650
- CVE-2026-34651
- CVE-2026-34652
- CVE-2026-34686
- CVE-2026-34653
- CVE-2026-34654
- CVE-2026-34655
- CVE-2026-34656
- CVE-2026-34658
- CVE-2026-34685
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.