CVE-2026-34018

EUVD-2026-23368
An SQL injection vulnerability exists in CubeCart prior to 6.6.0, which may allow an attacker to execute an arbitrary SQL statement on the product.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
jpcertCNA
6.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
cubecartcubecart
𝑥
< 6.6.0
CNA
Common Weakness Enumeration
References
https://community.cubecart.com/t/cubecart-6-6-0-released-the-biggest-update-in-years/62405
https://jvn.jp/en/jp/JVN78422311/