Cyber Resilience

CVE-2026-34652

HighUpdated

Published: 12 May 2026

Published
12 May 2026
Modified
20 May 2026
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score 0.0011 28.3th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-34652 is a high-severity an unspecified weakness vulnerability in Adobe Commerce. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 28.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a Dependency on Vulnerable Third-Party Component vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to…

more

a denial-of-service condition. Exploitation of this issue does not require user interaction.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Vulnerability directly enables application crash via exploitation of a vulnerable component, matching Endpoint DoS via Application or System Exploitation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-34650Same product: Adobe Commerce
CVE-2026-34651Same product: Adobe Commerce
CVE-2026-34649Same product: Adobe Commerce
CVE-2026-34648Same product: Adobe Commerce
CVE-2025-24415Same product: Adobe Commerce
CVE-2026-34653Same product: Adobe Commerce
CVE-2026-34686Same product: Adobe Commerce
CVE-2026-21284Same product: Adobe Commerce
CVE-2025-24410Same product: Adobe Commerce
CVE-2025-24438Same product: Adobe Commerce

Affected Assets

adobe
commerce
2.4.4, 2.4.5, 2.4.6, 2.4.7, 2.4.8 · ≤ 2.4.4
adobe
commerce b2b
1.3.3, 1.3.4, 1.4.2, 1.5.2, 1.5.3 · ≤ 1.3.3
adobe
magento
2.4.6, 2.4.7, 2.4.8, 2.4.9 · ≤ 2.4.6

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References