{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/commerce-versions-2.4.6-p14/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.5,"id":"CVE-2026-34650"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Commerce versions 2.4.9-beta1","Commerce versions 2.4.8-p4","Commerce versions 2.4.7-p9","Commerce versions 2.4.6-p14","Commerce versions 2.4.5-p16","Commerce versions 2.4.4-p17"],"_cs_severities":["medium"],"_cs_tags":["dos","resource-exhaustion","cve"],"_cs_type":"advisory","_cs_vendors":["Adobe"],"content_html":"\u003cp\u003eAdobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, and 2.4.4-p17 and earlier are affected by an Uncontrolled Resource Consumption vulnerability, identified as CVE-2026-34650. This vulnerability allows an unauthenticated, remote attacker to exhaust system resources, leading to a denial-of-service (DoS) condition. The vulnerability exists due to improper resource management within the application. Successful exploitation can render the e-commerce platform unavailable, impacting business operations and potentially leading to financial losses. Given the widespread use of Adobe Commerce, this vulnerability poses a significant risk to online businesses if left unpatched.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies an Adobe Commerce instance running a vulnerable version (2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 or earlier).\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP request designed to consume excessive server resources.\u003c/li\u003e\n\u003cli\u003eThe attacker sends the malicious request to a publicly accessible endpoint on the Adobe Commerce server.\u003c/li\u003e\n\u003cli\u003eThe Adobe Commerce application processes the malicious request without proper resource limits.\u003c/li\u003e\n\u003cli\u003eThe server\u0026rsquo;s CPU, memory, or disk I/O resources are gradually exhausted.\u003c/li\u003e\n\u003cli\u003eLegitimate user requests are delayed or fail due to resource starvation.\u003c/li\u003e\n\u003cli\u003eThe Adobe Commerce application becomes unresponsive, resulting in a denial-of-service condition.\u003c/li\u003e\n\u003cli\u003eThe e-commerce platform is unavailable, preventing users from accessing the site and completing transactions.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-34650 results in a denial-of-service condition, rendering the Adobe Commerce platform unavailable to legitimate users. The impact includes potential revenue loss due to interrupted sales, damage to brand reputation, and customer dissatisfaction. The severity of the impact depends on the duration of the outage and the volume of transactions processed by the affected e-commerce store. This vulnerability affects multiple versions of Adobe Commerce and can potentially impact a wide range of online businesses.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade Adobe Commerce to a patched version (later than 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17) to remediate the vulnerability.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious HTTP requests that may indicate an attempt to exploit CVE-2026-34650.\u003c/li\u003e\n\u003cli\u003eImplement rate limiting and resource quotas on the Adobe Commerce server to mitigate the impact of resource consumption attacks.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-12T20:20:18Z","date_published":"2026-05-12T20:20:18Z","id":"https://feed.craftedsignal.io/briefs/2026-05-adobe-commerce-dos/","summary":"Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are susceptible to an uncontrolled resource consumption vulnerability (CVE-2026-34650) that allows an unauthenticated attacker to cause a denial-of-service condition by exhausting system resources.","title":"Adobe Commerce Uncontrolled Resource Consumption Vulnerability (CVE-2026-34650)","url":"https://feed.craftedsignal.io/briefs/2026-05-adobe-commerce-dos/"}],"language":"en","title":"CraftedSignal Threat Feed — Commerce Versions 2.4.6-P14","version":"https://jsonfeed.org/version/1.1"}