CVE-2026-47996

medium

Description

Adobe Commerce is affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user interaction. Scope is changed.

References

https://helpx.adobe.com/security/products/magento/apsb26-73.html

Details

Source: Mitre, NVD

Published: 2026-07-14

Updated: 2026-07-15

Risk Information

CVSS v2

Base Score: 6.1

Vector: CVSS2#AV:N/AC:L/Au:M/C:C/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 6.8

Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Severity: Medium

EPSS

EPSS: 0.18502