CVE-2024-34102CISA KEVEPSS p100.0%

CVE-2024-34102Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability

Adobe / Commerce and Magento Open Source

Description

Adobe Commerce and Magento Open Source contain an improper restriction of XML external entity reference (XXE) vulnerability that allows for remote code execution.

Scoring

EPSS99.99% probability of exploitation · percentile 100.0% · 2026-06-15T12:03:41Z

CISA KEV entry

Added to KEV: 2024-07-17

(incoming)1

TypeTargetConfidenceTier
KEVEntryAdobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerabilitykev-cve-2024-341020%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
Adobe Commerce and Magento Open Source Improper Input Validation Vulnerability
CVE
Adobe Commerce and Magento Improper Input Validation Vulnerability
CVE
CVE-2025-54254
CVE
CVE-2026-38429
CVE
CVE-2025-10713
CVE
CVE-2025-49535
Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.