← Back to CVEs
CVE-2026-21295
LOW3.1
Description
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. An attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction.
CVE Details
CVSS v3.1 Score3.1
SeverityLOW
CVSS VectorCVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
Attack VectorNETWORK
ComplexityHIGH
Privileges RequiredNONE
User InteractionREQUIRED
Published3/11/2026
Last Modified3/11/2026
Sourcenvd
Honeypot Sightings0
Affected Products
adobe:commerceadobe:commerce_b2badobe:magento
Weaknesses (CWE)
CWE-601
References
https://helpx.adobe.com/security/products/magento/apsb26-05.html(psirt@adobe.com)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.