CVE-2026-42458

Summary

Magento Long Term Support (LTS) is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to 20.18.0, there is a reflected XSS vulnerability under admin panel -> System -> Import/Export -> Dataflow - Profiles. This vulnerability is fixed in 20.18.0.

Affected Software

VendorProductVersion RangeStatus
OpenMagemagento-lts< 20.18.0affected

Weaknesses

  • CWE-87: CWE-87: Improper Neutralization of Alternate XSS Syntax

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References