Ghostwire

CVE-2026-34018: An SQL injection vulnerability exists in CubeCart prior to 6.6.0, which may allow an attacker to execute an arbitrary...

MEDIUM CVSS 6.3 Exploit Available

Published: April 17, 2026 | Last Modified: April 17, 2026

Description

An SQL injection vulnerability exists in CubeCart prior to 6.6.0, which may allow an attacker to execute an arbitrary SQL statement on the product.

Ghostwire Analysis — What This Means Practically

Medium CVSS score indicates moderate risk — exploitation requires specific conditions or results in limited impact.
Exploit code is reported to be available, increasing the likelihood of active exploitation.

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

Security Coverage (2 articles)

References

community.cubecart.com/t/cubecart-6-6-0-released-the-biggest-update-in-years/624
jvn.jp/en/jp/JVN78422311/
www.tenable.com/cve/CVE-2026-34018
www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2026-34018