CVE-2026-40098 | OpenMage magento-lts up to 20.16.x Download Endpoint sharing_code authorization (GHSA-665x-ppc4-685w)

A vulnerability, which was classified as critical, was found in OpenMage magento-lts up to 20.16.x. The impacted element is an unknown function of the component Download Endpoint. The manipulation of the argument sharing_code results in missing authorization.

This vulnerability is reported as CVE-2026-40098. The attack can be launched remotely. No exploit exists.

You should upgrade the affected component.VulDB Recent EntriesRead More