Magecore

Guide

Adobe Commerce / Magento 2.4.5 and 2.4.6 leave support in August 2026: what should you do now?

By Marcio Maciel · Co-founder · Digital Business Engineering

Published July 17, 2026

In August 2026, critical support milestones hit Adobe Commerce / Magento 2.4.5 and 2.4.6: Adobe Commerce 2.4.5 extended support and 2.4.6 standard support end around August 11 and 12. Magento Open Source has no equivalent extended support tier. Staying on these versions without an upgrade plan exposes the operation to security, PCI, and reactive-cost risk. The first step is not switching platforms: it is mapping the real state and choosing among an upgrade to the latest release, architecture modernization, or temporary containment with a hard deadline, with numbers.

What August 2026 means in practice

Adobe's lifecycle policy separates standard support, extended support (Adobe Commerce), and, for some release lines, a security-only transitional period. Official dates differ by distribution and by environment.

On Adobe Commerce, extended support for 2.4.5 ends on August 12, 2026; standard support for 2.4.6 ends on August 11, 2026, with extended support through August 30, 2027 and a security-only period through May 31, 2028. Magento Open Source has no equivalent extended tier: 2.4.5 is already outside the full cycle, and 2.4.6 follows the August 2026 milestone.

Adobe Commerce on Cloud also has version upgrade enforcement dates (for example, June 2027 for the 2.4.5 line and June 2028 for 2.4.6). On-premise and Open Source do not share the same Cloud decommissioning mechanism, but security and compliance risk remain: without official patches, exposure grows.

P&L risks: security, PCI, and reactive cost

An unpatched version is not just technical debt. It is financial risk: security incidents, PCI audit failures, privacy exposure, and reactive containment hours that compete with commercial roadmap.

Public cases such as SessionReaper (CVE-2025-54236) illustrate the pattern: critical Adobe Commerce / Magento vulnerabilities require a fast patch or upgrade. On a line without full support, the window between disclosure and official remediation shrinks or disappears, and response cost rises.

  • CVE without an official patch: prolonged exposure and improvised mitigation cost
  • PCI and audits: outdated stack makes continuous-control evidence harder
  • Privacy and continuity: a checkout or customer-data incident becomes revenue and reputation impact
  • Reactive cost: firefighting and manual hotfixes usually cost more than a planned upgrade

Three paths (no fixed migration deadline)

There is no single migrate-by-this-date rule for every operation. There is rising risk and options with clear trade-offs. The most common path Magecore executes is a controlled upgrade on the same Adobe Commerce / Magento line.

  • A) Upgrade to a supported version on the same Adobe Commerce / Magento line (Cloud or on-premise): move to the latest release with a risk, regression, and P&L impact plan. This is the service Magecore most often delivers in these scenarios.
  • B) Architecture modernization or migration: only when the assessment shows an upgrade alone will not fix the problem (structural debt, a monolith that limits margin, or a distribution unfit for the business size).
  • C) Temporary containment with a hard deadline: isolated patches, WAF, and compensating controls while the upgrade is prepared. This is not a long-term strategy; it needs an explicit deadline and board ownership.

Assessment before choosing the path

Deciding in the dark (rushed upgrade, premature migration, or status quo) swaps a visible risk for an invisible one. The Precision Assessment maps the real version, applied patches, dependencies (PHP, database, extensions), security exposure, and reactive TCO in real currency.

The deliverable does not assume a platform migration. The recommendation may be optimize, maintain with dated containment, upgrade the version, modernize architecture, or, if the business size does not fit the ecosystem, another path. The point is to choose with numbers, not RFP pressure.

This week's checklist

If the operation still runs Adobe Commerce / Magento 2.4.5 or 2.4.6, these steps fit this week without waiting for a large project:

  • Confirm exact version, patch level, and whether the environment is Cloud, on-premise, or Magento Open Source
  • List security patches applied in the last 12 months and known gaps
  • Map critical dependencies (PHP, database, custom extensions) and what blocks an upgrade
  • Estimate current reactive cost (incidents, containment hours, PCI risk) versus the order of magnitude of an upgrade
  • Schedule a free diagnostic or assessment to choose among upgrade, modernization, or containment with a hard deadline

Related questions

I'm still on Adobe Commerce / Magento 2.4.5. Do I face real risk if I don't upgrade now?

Yes. On Adobe Commerce, extended support for 2.4.5 ends in August 2026; Magento Open Source has no equivalent extended tier, and 2.4.5 is already outside the full official patch cycle. Without an upgrade plan, security, PCI, and reactive-cost risk rise over time.

The most common path is not a platform migration: it is a controlled upgrade to the latest supported Adobe Commerce / Magento release (Cloud or on-premise), with a risk plan and P&L impact. Temporary containment only makes sense with an explicit deadline. An assessment maps the real state before you choose the path.

View in FAQ

What is a "precision assessment" and what does it deliver?

It is an AI-assisted multidimensional diagnostic that identifies margin leaks and technical debt in Adobe Commerce / Magento operations, delivered in 1 to 3 weeks.

The deliverable includes a map of invisible costs, prioritized interventions with financial impact, and a clear recommendation: migrate, optimize, or keep the current platform.

View in FAQ