{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-34651/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.5,"id":"CVE-2026-34651"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Commerce"],"_cs_severities":["medium"],"_cs_tags":["dos","cve-2026-34651","adobe commerce"],"_cs_type":"advisory","_cs_vendors":["Adobe"],"content_html":"\u003cp\u003eAdobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, and 2.4.4-p17 and earlier are susceptible to an uncontrolled resource consumption vulnerability. This flaw allows a remote, unauthenticated attacker to exhaust system resources, leading to a denial-of-service (DoS) condition. The vulnerability stems from inadequate limitations on resource allocation, enabling attackers to consume excessive memory, CPU, or disk I/O. Successful exploitation results in the application becoming unresponsive or crashing, impacting legitimate users. Defenders should prioritize patching vulnerable instances.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn unauthenticated attacker identifies a publicly accessible endpoint within the Adobe Commerce application.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious request designed to trigger excessive resource consumption on the server.\u003c/li\u003e\n\u003cli\u003eThis request is sent to the targeted endpoint, bypassing any authentication or authorization checks.\u003c/li\u003e\n\u003cli\u003eUpon receiving the request, the Adobe Commerce application processes the data without proper resource limits.\u003c/li\u003e\n\u003cli\u003eThe application begins allocating excessive resources, such as memory or CPU time, in response to the malicious request.\u003c/li\u003e\n\u003cli\u003eThe attacker repeats the process by sending multiple malicious requests.\u003c/li\u003e\n\u003cli\u003eSystem resources become significantly depleted, leading to a degradation of performance for legitimate users.\u003c/li\u003e\n\u003cli\u003eThe Adobe Commerce application becomes unresponsive or crashes, resulting in a denial-of-service condition.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability can lead to a complete denial of service, rendering the Adobe Commerce application unavailable to users. This can result in significant financial losses due to the inability to process transactions, reputational damage, and potential loss of customer trust. Given the widespread use of Adobe Commerce, a large number of e-commerce businesses are potentially at risk.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade Adobe Commerce to a patched version (later than 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17) to remediate the uncontrolled resource consumption vulnerability as described in CVE-2026-34651.\u003c/li\u003e\n\u003cli\u003eImplement rate limiting on critical API endpoints to mitigate the impact of resource exhaustion attacks.\u003c/li\u003e\n\u003cli\u003eMonitor system resource utilization (CPU, memory, disk I/O) on Adobe Commerce servers to detect anomalous behavior indicative of a denial-of-service attack.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule provided to detect suspicious POST requests potentially exploiting CVE-2026-34651.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-12T20:20:32Z","date_published":"2026-05-12T20:20:32Z","id":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-34651-adobe-commerce-dos/","summary":"Adobe Commerce versions 2.4.9-beta1 and earlier are vulnerable to uncontrolled resource consumption, potentially leading to application denial-of-service due to an attacker's ability to exhaust system resources without user interaction.","title":"CVE-2026-34651 - Adobe Commerce Uncontrolled Resource Consumption Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-34651-adobe-commerce-dos/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-34651","version":"https://jsonfeed.org/version/1.1"}