Adobe Commerce / Magento 2026 security patch schedule update ahead of 2.4.9

Adobe updates its 2026 patch release schedule

The previous plan had open placeholders suggesting that, along with twice-yearly definite patches, they might release monthly security patches as well. This new plan appears to have firmed up future security patch release dates along with some months in which no patches are expected.

Adobe Commerce May 2026 hotfix security patch

In line with this, we received notification of a ‘hotfix’ security patch on May 12th, which we have already rolled out for our support clients.

Site and server security is a rapidly evolving process, which will never stand still, but even in that light, we have seen an increase in recent activity. It’s crucial that as site owners, you protect your customers and brand by applying security updates as soon as it’s practical to do so.

Why Adobe Commerce security patching is critical

Is your developer keeping your site and server secure and up to date? If you want to gain more control over your security patching and upgrades, speak to us about our Support Plans and Fixed Cost Maintenance Plans.

Adobe Commerce 2026 security patch and release schedule

Although Adobe have provided a firmer schedule than was previously in place for 2026, we advise keeping in mind that the schedule could easily change again. If a critical patch is needed, it’s very unlikely that the ‘fallow’ months will stay that way.

Read more on Adobe’s policy on release schedule.

The release pattern to date, and as planned, can be summarised:

• No patches released or expected: January, February, April, and June 2026
• Security patches: March and May 2026
• Full upgrade release: May 12, 2026 - Adobe Commerce 2.4.9
• Anticipated further security patches: July 14, August 11, September 8, and October 13, 2026
• Potential releases (if urgent enough to break the holiday code freeze): November 10 and December 8, 2026

Adobe Commerce 2.4.9 release guidance

The main version update of 2.4.9 is almost entirely a bugfix release without new features, so in line with our policy of adopting new versions only after the first patch to that release, we are not urging clients to update yet.

That said, if you are currently running an unsupported version of Adobe Commerce or Open Source, or if you have specific bugs with your site that might be fixed by this release, get in touch with us for an estimate to upgrade.

For reference, if you’re on 2.4.5 or earlier, you’re already unsupported and at high security risk and should upgrade urgently.

If you’re on 2.4.6, you have until August 2026 – that's not far away, so again we would urge urgently commencing the upgrade process.

2.4.7 and upwards are supported until at least 2027, so we’d advise upgrading as part of planned ongoing maintenance, rather than as an urgent task.

Read more on Adobe’s policy on lifecycle planning.

Fixed cost Magento maintenance and support plans

Our fixed cost Magento maintenance plan is a cost-effective and convenient way of spreading the time, budget, and administration of the upgrade process. The plan is designed to help Magento store owners take a more proactive approach to platform maintenance, security patching, and version upgrades, without the uncertainty of unpredictable support costs.

By planning upgrades and maintenance as part of an ongoing support strategy, together we can reduce security risk, improve platform stability, and avoid the disruption that often comes with rushed or emergency upgrade projects.

If you would like advice on your current Adobe Commerce version, upgrade requirements, or ongoing maintenance strategy, get in touch with us to discuss our Magento support and maintenance plans.