[PaaS only]{class="badge informative" title="Applies to Adobe Commerce on Cloud projects (Adobe-managed PaaS infrastructure) and on-premises projects only."}

ACSD-68499: GraphQL updateCartItems mutation returns success for quantities beyond available stock

Last update: Tue Dec 09 2025 00:00:00 GMT+0000 (Coordinated Universal Time)

CREATED FOR:

Experienced
Admin
Developer

The ACSD-68499 patch fixes the issue where the GraphQL updateCartItems mutation returns an incorrect success response when updating quantities that exceed available stock, resulting in inflated quantities and totals. This patch is available when the Quality Patches Tool (QPT) 1.1.74 is installed. The patch ID is ACSD-68499. Please note that this issue is scheduled to be fixed in Adobe Commerce 2.4.9.

Affected products and versions

The patch is created for Adobe Commerce version:

Adobe Commerce (all deployment methods) 2.4.8-p2

Compatible with Adobe Commerce versions:

Adobe Commerce (all deployment methods) 2.4.4 - 2.4.8-p3

NOTE

The patch might become applicable to other versions with new Quality Patches Tool releases. To check if the patch is compatible with your Adobe Commerce version, update the magento/quality-patches package to the latest version and check the compatibility on the Quality Patches Tool: Search for patches page. Use the patch ID as a search keyword to locate the patch.

Issue

The GraphQL updateCartItems mutation in Adobe Commerce incorrectly returns success response when updating quantities beyond available stock, causing inflated cart totals and quantities.

Steps to reproduce:

Create an empty cart.
Add a product with limited stock (for example, 10 units available) to the cart.
Query the cart and note the cart_item_id.

Update the cart item quantity to 100 (exceeds available stock of 10) using the following mutation:

code language-none

code language-none
`mutation ($cart: String!, $cartItemId: Int!, $quantity: Float!) { updateCartItems( input: { cart_id: $cart cart_items: [{ cart_item_id: $cartItemId, quantity: $quantity }] } ) { cart { items { product { name } quantity } prices { grand_total { value currency } } } } }`

mutation ($cart: String!, $cartItemId: Int!, $quantity: Float!) {
  updateCartItems(
    input: {
      cart_id: $cart
      cart_items: [{ cart_item_id: $cartItemId, quantity: $quantity }]
    }
  ) {
    cart {
      items {
        product {
          name
        }
        quantity
      }
      prices {
        grand_total {
          value
          currency
        }
      }
    }
  }
}

Query the cart again to verify the actual quantity.

Expected results:

Stock validation prevents invalid quantity updates.

Actual results:

The updateCartItems mutation returns success response with a quantity of 100.

Apply the patch

To apply individual patches, use the following links depending on your deployment method:

Adobe Commerce or Magento Open Source on-premises: Quality Patches Tool > Usage in the Quality Patches Tool guide.
Adobe Commerce on cloud infrastructure: Upgrades and Patches > Apply Patches in the Commerce on Cloud Infrastructure guide.

To learn more about Quality Patches Tool, refer to:

Quality Patches Tool: A self-service tool for quality patches in the Tools guide.

recommendation-more-help

c2d96e17-5179-455c-ad3a-e1697bb4e8c3

ACSD-68499: GraphQL updateCartItems mutation returns success for quantities beyond available stock

Affected products and versions

Issue

Apply the patch

Related reading