Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.1
CubeCart Access to Sensitive Data via Misleading URLs
CVE-2026-35496
Summary
A security weakness in CubeCart versions older than 6.6.0 allows administrators to potentially access files they shouldn't. This could lead to unauthorized access to sensitive data. Update to version 6.6.0 or later to fix this issue.
Original title
A path traversal vulnerability exists in CubeCart prior to 6.6.0, which may allow a user with an administrative privilege to access higher-level directories that should not be accessible.
Original description
A path traversal vulnerability exists in CubeCart prior to 6.6.0, which may allow a user with an administrative privilege to access higher-level directories that should not be accessible.
nvd CVSS3.0
2.7
nvd CVSS4.0
5.1
Vulnerability type
CWE-22
Path Traversal
Published: 17 Apr 2026 · Updated: 17 Apr 2026 · First seen: 17 Apr 2026