CVE-2026-48001

Summary

Adobe Commerce is affected by an Information Exposure vulnerability that could lead to a limited disclosure of sensitive information. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue does not require user interaction.

Affected Software

VendorProductVersion RangeStatus
AdobeAdobe Commerce0 <= 2.4.9, 2.4.8-p5, 2.4.7-p10, 2.4.6-p15, 2.4.5-p17, 2.4.4-p18affected
AdobeAdobe Commerce2.4.9-2026-jul, 2.4.8-2026-jul, 2.4.7-2026-jul, 2.4.6-2026-jul, 2.4.5-2026-jul, 2.4.4-2026-julunaffected
AdobeAdobe Commerce B2B0 <= 1.5.3, 1.5.2-p5, 1.4.2-p10, 1.3.4-p17, 1.3.3-p18affected
AdobeAdobe Commerce B2B1.5.3-2026-jul, 1.5.2-2026-jul, 1.4.2-2026-jul, 1.3.4-2026-jul, 1.3.3-2026-julunaffected
AdobeMagento Open Source0 <= 2.4.9, 2.4.8-p5, 2.4.7-p10, 2.4.6-p15affected
AdobeMagento Open Source2.4.9-2026-jul, 2.4.8-2026-jul, 2.4.7-2026-jul, 2.4.6-2026-julunaffected
AdobeAdobe Commerce Webhooks Plugin0 <= 1.20.0affected
AdobeAdobe Commerce Webhooks Plugin1.21.0unaffected

Weaknesses

  • CWE-200: Information Exposure (CWE-200)

References