Auth bypass in Openmage Magento-lts

CVE-2026-40098

Magento Long Term Support (LTS) is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to version 20.17.0, the shared wishl…

Vulnerability class: Broken Access Control

EPSS: 0.000 (5.7th percentile) — read the EPSS interpretation.

Affected products

Openmage Magento-lts — versions < 20.17.0

Weakness classification (CWE)

CWE-862 — Missing Authorization

References

https://github.com/OpenMage/magento-lts/security/advisories/GHSA-665x-ppc4-685w (x_refsource_CONFIRM)