Improper Input Validation in Adobe Commerce 2.4.9-alpha3 & prior leads to DoS
CVE-2026-21282 Published on March 11, 2026
Adobe Commerce | Improper Input Validation (CWE-20)
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Improper Input Validation vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability by providing specially crafted input, causing limited impact to application availability. Exploitation of this issue does not require user interaction.
Vulnerability Analysis
CVE-2026-21282 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a small impact on availability.
Weakness Type
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Products Associated with CVE-2026-21282
stack.watch emails you whenever new vulnerabilities are published in Adobe Commerce or Adobe Commerce. Just hit a watch button to start following.
Affected Versions
Adobe Commerce:- Before and including 2.4.4-p16 is affected.