CVE-2026-21719

EUVD-2026-23366
An OS command injection vulnerability exists in CubeCart prior to 6.6.0, which may allow a user with an administrative privilege to execute an arbitrary OS command.
OS Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
jpcertCNA
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
cubecartcubecart
𝑥
< 6.6.0
CNA
Common Weakness Enumeration
References
https://community.cubecart.com/t/cubecart-6-6-0-released-the-biggest-update-in-years/62405
https://jvn.jp/en/jp/JVN78422311/