CVE Weekly Report — Week of Jul 13 – July 19, 2026
2026-W29
16
Total CVEs
3
Critical
7
High
0
Actively exploited
🔴 Critical CVEs (3)
| CVE | Product | CVSS | KEV | Description | Published |
|---|---|---|---|---|---|
| CVE-2026-48356 | Magento | 9.6 | — | Adobe Commerce is affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbi… | Jul 14 |
| CVE-2026-13221 | Perl | 9.1 | — | Perl versions through 5.43.9 produce silently incorrect regular expression matches when an alternation of more than 6553… | Jul 13 |
| CVE-2026-48358 | Magento | 9.1 | — | Adobe Commerce is affected by an Improper Encoding or Escaping of Output vulnerability that could result in arbitrary co… | Jul 14 |
🟠 High CVEs (7)
| CVE | Product | CVSS | KEV | Description | Published |
|---|---|---|---|---|---|
| CVE-2026-47994 | Magento | 8.7 | — | Adobe Commerce is affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged… | Jul 14 |
| CVE-2026-47988 | Magento | 8.6 | — | Adobe Commerce is affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. A… | Jul 14 |
| CVE-2026-57432 | Perl | 8.4 | — | Perl versions through 5.43.10 have an integer overflow in S_measure_struct leading to an out-of-bounds heap read in pack… | Jul 13 |
| CVE-2026-47984 | Magento | 8.2 | — | Adobe Commerce is affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. A… | Jul 14 |
| CVE-2026-47995 | Magento | 8.1 | — | Adobe Commerce is affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privilege… | Jul 14 |
| CVE-2026-47996 | Magento | 7.6 | — | Adobe Commerce is affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. A… | Jul 14 |
| CVE-2026-47992 | Magento | 7.2 | — | Adobe Commerce is affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vu… | Jul 14 |
🟡 Medium CVEs (5)
| CVE | Product | CVSS | KEV | Description | Published |
|---|---|---|---|---|---|
| CVE-2026-47997 | Magento | 5.9 | — | Adobe Commerce is affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. A… | Jul 14 |
| CVE-2026-47998 | Magento | 5.9 | — | Adobe Commerce is affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. A… | Jul 14 |
| CVE-2026-48371 | Magento | 5.4 | — | Adobe Commerce is affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged… | Jul 14 |
| CVE-2026-47999 | Magento | 4.8 | — | Adobe Commerce is affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privilege… | Jul 14 |
| CVE-2026-48000 | Magento | 4.3 | — | Adobe Commerce is affected by an Improper Redirect (Open Redirect) vulnerability that could result in a Security feature… | Jul 14 |
🔵 Low CVEs (1)
| CVE | Product | CVSS | KEV | Description | Published |
|---|---|---|---|---|---|
| CVE-2026-48001 | Magento | 3.7 | — | Adobe Commerce is affected by an Information Exposure vulnerability that could lead to a limited disclosure of sensitive… | Jul 14 |
