CVE-2026-23796

Name of the Vulnerable Software and Affected Versions Quick.Cart version 6.7 Quick.Cart (affected versions not specified)

Description A user's session identifier can be set before authentication in Quick.Cart. The session ID remains consistent even after authentication, allowing an attacker to fixate a session ID for a victim and subsequently hijack the authenticated session. The vendor was notified of this issue but did not provide details regarding vulnerable version ranges.

Recommendations Apply a fix for Quick.Cart version 6.7. At the moment, there is no information about a newer version that contains a fix for this vulnerability.