Adobe Commerce Uncontrolled Resource Consumption Vulnerability (DoS) v<=2.4.9-beta1
CVE-2026-34648 Published on May 12, 2026
Adobe Commerce | Uncontrolled Resource Consumption (CWE-400)
Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction.
Vulnerability Analysis
CVE-2026-34648 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.
Weakness Type
What is a Resource Exhaustion Vulnerability?
The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
CVE-2026-34648 has been classified to as a Resource Exhaustion vulnerability or weakness.
Products Associated with CVE-2026-34648
stack.watch emails you whenever new vulnerabilities are published in Adobe Commerce or Adobe Commerce. Just hit a watch button to start following.
Affected Versions
Adobe Commerce:- Before and including 2.4.4-p17 is affected.