Sensitive Information Disclosure in Prestashop UPS Shipping Module
CVE-2026-39079

7.5HIGH

Key Information:

Vendor

Prestashop

Vendor
CVE Published:
18 May 2026

What is CVE-2026-39079?

A vulnerability exists within the Prestashop UPS Shipping Module that could allow a remote attacker to expose sensitive information. This issue affects all versions of the module up to and including version 2.4.0. Attackers may exploit this vulnerability by accessing specific components, namely /modules/upsshipping/logs/ and /modules/upsshipping/lib/UPSBaseApi.php, potentially leading to unauthorized information retrieval.

References

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.