Zero Day MonitorZDM

← Back to list

7.5

CVE-2026-34650EXPLOITEDPATCHED

adobe · adobe commerce

Adobe Commerce | Uncontrolled Resource Consumption (CWE-400)

Description

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction.

Affected Products

Vendor	Product	Versions
adobe	adobe commerce	0

References

https://helpx.adobe.com/security/products/magento/apsb26-49.html(vendor-advisory)

Related News (2 articles)

Tier B

CERT-FR4d ago

Multiples vulnérabilités dans les produits Adobe (13 mai 2026)

→ No new info (linked only)

Tier C

VulDB4d ago

CVE-2026-34650 | Adobe Commerce resource consumption (apsb26-49)

→ No new info (linked only)

CVSS 3.17.5 HIGH

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

https://helpx.adobe.com/security/products/magento/apsb26-49.html

CWECWE-400

PublishedMay 12, 2026

Last enriched4d agov2

Trending Score36

Source articles2

Independent2

Info Completeness9/14

Missing: epss, kev, exploit, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2026-34681EXP

Substance3D - Designer | Out-of-bounds Write (CWE-787)

HIGHCVE-2026-34637EXP

Premiere Pro | Out-of-bounds Write (CWE-787)

HIGHCVE-2026-34643EXP

After Effects | Out-of-bounds Write (CWE-787)

HIGHCVE-2026-34639EXP

Media Encoder | Out-of-bounds Write (CWE-787)

HIGHCVE-2026-34687EXP

Illustrator | Heap-based Buffer Overflow (CWE-122)

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

May 12, 2026

Discovered by ZDM

May 12, 2026

Updated: description, severity, activelyExploited

May 12, 2026

Actively Exploited

May 13, 2026

Patch Available

May 13, 2026

Version History

v2

Last enriched 4d ago

v2Tier C4d ago

Updated description with new details, changed severity to MEDIUM, and marked the vulnerability as actively exploited.

descriptionseverityactivelyExploited

via VulDB

v14d ago

Initial creation