Package impact
COMPOSER / openmage/magento-lts
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-42155 | critical | — | 9.5 | 24d ago | Magento LTS has Weak API Session ID — Predictable MD5 of Time-Derived Inputs | |||
| CVE-2026-42207 | medium | 6.1 | 6.1 | 24d ago | Magento LTS Vulnerable to Open Redirect via Unvalidated `uenc` Parameter in `stockAction()` | |||
| CVE-2026-42458 | medium | — | 5.5 | 23d ago | Magento LTS: Reflected XSS - Import -> Data Flow (profiles) |