Cyber Resilience

CVE-2026-34654

Medium · Updated

Published: 12 May 2026

Modified: 20 May 2026
CVSS Score v3.1: 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
EPSS Score: 0.0011 (28.3th percentile)
Risk Priority: 11 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-34654 is a medium-severity vulnerability in Adobe Commerce with an unspecified weakness type. Its CVSS base score is 5.3 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). It ranks at the 28.3th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a Dependency on Vulnerable Third-Party Component vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 · Exploit Public-Facing Application · Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1499.004 · Application or System Exploitation · Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

Why these techniques?

A vulnerability in the public-facing Adobe Commerce application enables remote exploitation that causes an application DoS via a component crash (T1190 + T1499.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

Affected Assets

adobe / commerce: 2.4.4, 2.4.5, 2.4.6, 2.4.7, 2.4.8 · ≤ 2.4.4
adobe / commerce b2b: 1.3.3, 1.3.4, 1.4.2, 1.5.2, 1.5.3 · ≤ 1.3.3
adobe / magento: 2.4.6, 2.4.7, 2.4.8, 2.4.9 · ≤ 2.4.6

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References