4 matches found
CVE-2026-25523
Magento-lts is a long-term support alternative to Magento Community Edition CE. Prior to version 20.16.1, the admin url can be discovered without prior knowledge of it's location by exploiting the X-Original-Url header on some configurations. This issue has been patched in version 20.16.1...
CVE-2026-25523 Magento's X-Original-Url header can expose admin url
Magento-lts is a long-term support alternative to Magento Community Edition CE. Prior to version 20.16.1, the admin url can be discovered without prior knowledge of it's location by exploiting the X-Original-Url header on some configurations. This issue has been patched in version 20.16.1...
CVE-2026-25523 Magento's X-Original-Url header can expose admin url
Magento-lts is a long-term support alternative to Magento Community Edition CE. Prior to version 20.16.1, the admin url can be discovered without prior knowledge of it's location by exploiting the X-Original-Url header on some configurations. This issue has been patched in version 20.16.1...
PT-2026-6312
Name of the Vulnerable Software and Affected Versions Magento-lts versions prior to 20.16.1 Description Magento-lts is a long-term support alternative to Magento Community Edition CE. Prior to version 20.16.1, the admin URL can be discovered without prior knowledge of its location by exploiting t...