CVE-2026-34018

· NIST NVD ↗

An SQL injection vulnerability exists in CubeCart prior to 6.6.0, which may allow an attacker to execute an arbitrary SQL statement on the product.

CRITICAL
CVSS severity
9.8
CVSS base score
2026-04-17
Published

CWE codes

CWE-89

Affected products

cubecart:cubecart

Sources