OS Command Injection Vulnerability in CubeCart by CubeCart Inc.
CVE-2026-21719

8.6HIGH

Key Information:

Vendor: Cubecart Limited
Status: Cubecart
Vendor: CVE Published:; 17 April 2026

🔔 Create Cubecart Limited Vulnerability Alert

What is CVE-2026-21719?

An OS command injection vulnerability exists in CubeCart, allowing users with administrative privileges to execute arbitrary OS commands. This could lead to significant security risks, compromising the integrity and security of the affected system. Users are encouraged to upgrade to the latest version, 6.6.0, to mitigate this vulnerability.

Affected Version(s)

CubeCart prior to 6.6.0

References

https://community.cubecart.com/t/cubecart-6-6-0-released-...

https://jvn.jp/en/jp/JVN78422311/

CVSS V4

Score:

8.6

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

CVSS V3.0

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 17, 2026
Vulnerability Reserved
Apr 13, 2026

CVE-2026-21719 Data

JSON