CVE-2026-21447

CVSS v3.1

7.1

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions Bagisto versions prior to 2.3.10

Description An Insecure Direct Object Reference issue exists in the customer order reorder function. This allows authenticated customers to add items from another customer's order to their own shopping cart by manipulating the order ID parameter. This can expose sensitive purchase information and potentially enable fraud.

Recommendations Update to version 2.3.10 or later.

Exploit

Fix

Improper Access Control

IDOR

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284CWE-639

Related Identifiers

CVE-2026-21447

GHSA-X5RW-QVVP-5CGM

Affected Products

Bagisto

CVE-2026-21447

Weakness Enumeration

Related Identifiers

Affected Products

References · 11