Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
CartFlows Missing Access Control Security Puts Sensitive Data at Risk
CVE-2026-39477
Summary
An outdated version of CartFlows has a security weakness that allows unauthorized access to sensitive data. If not updated, this could lead to an attacker accessing sensitive data, potentially causing financial loss or reputational damage. Update CartFlows to the latest version to address this issue.
Original title
Missing Authorization vulnerability in Brainstorm Force CartFlows cartflows allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CartFlows: from n/a through <=...
Original description
Missing Authorization vulnerability in Brainstorm Force CartFlows cartflows allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CartFlows: from n/a through <= 2.2.3.
Vulnerability type
CWE-862
Missing Authorization
Published: 8 Apr 2026 · Updated: 9 Apr 2026 · First seen: 8 Apr 2026