How severe is CVE-2023-26366?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.8 out of 10.

What type of vulnerability is CVE-2023-26366?

This is classified as CWE-918, which is a common weakness in software security.

CVE-2023-26366 - MEDIUM Severity | CVSS 6.8

Vulnerability Description

Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A high-privileged authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction, scope is changed due to the fact that an attacker can enforce file read outside the application's path boundary.

Related Vulnerabilities

CVE-2021-37940

MEDIUM

CVSS:6.8(Medium)

An information disclosure via GET request server-side request forgery vulnerability was discovered with the Workplace Search Github Enterprise Server integration. Using this vulnerability, a malicious...

CWE-9182021

CVE-2024-29090

MEDIUM

CVSS:6.8(Medium)

Server-Side Request Forgery (SSRF) vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot.This issue affects AI Engine: ChatGPT Chatbot: from n/a through 2.1.4.

CWE-9182024

CVE-2024-8952

MEDIUM

CVSS:6.8(Medium)

A Server-Side Request Forgery (SSRF) vulnerability exists in composiohq/composio version v0.4.2, specifically in the /api/actions/execute/WEBTOOL_SCRAPE_WEBSITE_CONTENT endpoint. This vulnerability al...

CWE-9182024

CVE-2025-22474

MEDIUM

CVSS:6.8(Medium)

Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) a Server-Side Request Forgery (SSRF) vulnerability. A high privileged attacker with remote access could po...

CWE-9182025

CVE-2025-25827

MEDIUM

CVSS:6.8(Medium)

A Server-Side Request Forgery (SSRF) in the component sort.php of Emlog Pro v2.5.4 allows attackers to scan local and internal ports via supplying a crafted URL.

CWE-9182025

CVE-2025-32675

MEDIUM

CVSS:6.8(Medium)

Server-Side Request Forgery (SSRF) vulnerability in QuantumCloud SEO Help allows Server Side Request Forgery. This issue affects SEO Help: from n/a through 6.6.0.

CWE-9182025