CVE-2026-34654
Adobe Commerce | Dependency on Vulnerable Third-Party Component (CWE-1395)
In short
Adobe Commerce contains a vulnerable third-party component that attackers can exploit to crash the application without any user interaction, causing service disruption.
Technical detail
The vulnerability exists in a third-party dependency (CWE-1395) integrated into affected Adobe Commerce versions. An unauthenticated attacker can trigger a denial-of-service condition by exploiting this component flaw, resulting in application unavailability. No user interaction is required for exploitation.
Summary generated and translated by AI from the official description.
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a Dependency on Vulnerable Third-Party Component vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected products
Adobe · Adobe CommerceWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →