Bagisto · Bagisto · CVE-2026-21449
**Name of the Vulnerable Software and Affected Versions**
Bagisto versions prior to 2.3.10
**Description**
Bagisto, an open source Laravel eCommerce platform, has a server-side template injection issue. The injection occurs through the `first name` and `last name` fields, which a low-privilege user can submit. The vulnerability potentially allows code execution on the server.
**Recommendations**
Update to version 2.3.10 or later.