PT-2026-52171 · Packagist · Drupal/Commerce Realex

Published

2026-06-24

Updated

2026-06-24

CVE-2026-13238

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

This module enables you to take payments through the Global Payments / Realex Hosted Payment Page (HPP), either via a lightbox iframe or via a full-page redirect.

When the gateway is configured with the redirect payment method, the module doesn't sufficiently verify the authenticity of the payment response returned by Global Payments.

The lightbox payment method validates the signature and is not affected, so sites that use the lightbox payment method are not affected.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2026-13238

DRUPAL-CONTRIB-2026-058

Affected Products

Drupal/Commerce Realex

PT-2026-52171 · Packagist · Drupal/Commerce Realex

CVE-2026-13238

Related Identifiers

Affected Products

References · 2