Documentation Adobe Support and Tools Guide

How to obtain and apply a security patch

Last update: Tue Feb 10 2026 00:00:00 GMT+0000 (Coordinated Universal Time)

Topics:
Support

CREATED FOR:

User
Admin

NOTE

If you have an On-Premise installation and aren’t using version control systems like CVS or GitHub to manage your code, your web host might be able to assist with applying the patch. Feel free to reach out to them for support.

This article provides instructions on how to obtain and apply a security patch that has been released, but instructions are unavailable.

Affected products and versions

Adobe Commerce on-premise and cloud infrastructure - all supported versions

Cause

Most security patches are released without any isolated patch or hotfix to apply and will require upgrading to the security patch release.

Solution

Case I:

If an isolated patch file/hotfix is mentioned in the Release Notes, download the file from the download section of https://account.magento.com. Shared access users must first be given download privileges by the account owner/license holder.

Caveats:

If you are on an older version of Adobe Commerce (2.4.4), you will have automatically received Extended Support. Your version must be one of the following unsupported versions to be able to apply the latest available Security Patches:

2.4.4 - 2.4.4-p11

Unsupported versions (2.3.x, 2.4.0 - 2.4.3) are ineligible for support and you must first upgrade to a supported version to take advantage of the latest security fixes.

If you don’t have Extended Support, you may request Support to share the patches with you, but they won’t be able to resolve any issues/errors you may encounter when applying them.

Case II:

Isolated patches are only provided in exceptional cases, and it isn’t the preferred form of implementing security fixes.

If an isolated patch file/hotfix is not mentioned in the Release Notes:

Cloud:

Some security patches might be included/released in the latest version of Cloud Tools Suite (ECE Tools) under Cloud Patches for Commerce - check the Release Notes, and if a security fix is mentioned in the release, upgrade the package to that version.
If the Release Notes do not mention a security fix, continue reading.

Cloud infrastructure or On-Premise:
If an isolated patch file/hotfix is not available, upgrade the Adobe Commerce version on cloud infrastructure 2.4.X to the latest patch version 2.4.X-pY.
If an isolated patch file/hotfix is not available, upgrade the Adobe Commerce version On-Premise 2.4.X to the latest patch version 2.4.X-pY.

See Release notes for Commerce Cloud Tools Suite in the Adobe Commerce on Cloud Infrastructure Guide.
See Upgrade the Adobe Commerce version in the Adobe Commerce on Cloud Infrastructure Guide.

recommendation-more-help

e2a37011-2591-4d74-8e2f-286c51545491