openmage/magento-lts Security Advisories for v20.17.0 (3)
- [MEDIUM] Magento LTS: Reflected XSS - Import -> Data Flow (profiles)
PKSA-j61z-h6ts-jp8k CVE-2026-42458 GHSA-x8jv-q8j2-487c
Affected version: <=20.17.0
Reported by: GitHub
- [MEDIUM] Magento LTS Vulnerable to Open Redirect via Unvalidated `uenc` Parameter in `stockAction()`
PKSA-3c4m-s9d4-ycyr CVE-2026-42207 GHSA-qpgq-5g92-j5q8
Affected version: <=20.17.0
Reported by: GitHub
- [CRITICAL] Magento LTS has Weak API Session ID — Predictable MD5 of Time-Derived Inputs
PKSA-qjnm-jjkr-qktb CVE-2026-42155 GHSA-2cwr-gcf9-pvxr
Affected version: <=20.17.0
Reported by: GitHub