CVE-2026-35496

Summary

A path traversal vulnerability exists in CubeCart prior to 6.6.0, which may allow a user with an administrative privilege to access higher-level directories that should not be accessible.

Affected Software

VendorProductVersion RangeStatus
CubeCart LimitedCubeCartprior to 6.6.0affected

Weaknesses

  • CWE-22: Improper limitation of a pathname to a restricted directory ('Path Traversal')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References