Checkout Process Vulnerability in Vvveb CMS by Givanz
CVE-2026-46408

7.6 HIGH

Key Information:

Vendor: Givanz

Status
Vendor
CVE Published: 15 May 2026

What is CVE-2026-46408?

Vvveb CMS, developed by Givanz, has a vulnerability in its checkout functionality: the checkout endpoint accepts a user-controlled cart_id without validating ownership of the cart. This flaw allows a logged-in attacker to use another user's cart data during their own checkout session. The issue compromises the integrity of the payment flow and may lead to unauthorized transactions. The vulnerability has been addressed in version 1.0.8.3.
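The missing ownership check described above, shown as an added example that is not Vvveb's code or the vendor's patch: a cart lookup driven only by the request parameter beside one bound to the authenticated session user. The function names, the cart layout and the sample data are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample data: cart id => owner and contents (not Vvveb's schema).
function sampleCarts(): array
{
    return [
        101 => ['user_id' => 1, 'items' => ['sku-a' => 2]],
        202 => ['user_id' => 2, 'items' => ['sku-b' => 1]],
    ];
}

// Weak pattern: the cart is selected purely by the request's cart_id.
function loadCartUnchecked(array $request): ?array
{
    $carts = sampleCarts();
    return $carts[(int) ($request['cart_id'] ?? 0)] ?? null;
}

// Hardened pattern: the cart must belong to the user tied to the session.
// A missing cart and a foreign cart are handled identically, so the
// response does not reveal which cart ids exist.
function loadCartForUser(array $request, int $sessionUserId): ?array
{
    $cartId = filter_var($request['cart_id'] ?? null, FILTER_VALIDATE_INT);
    if ($cartId === false) {
        return null; // absent or non-integer cart_id
    }
    $carts = sampleCarts();
    $cart  = $carts[$cartId] ?? null;
    if ($cart === null || $cart['user_id'] !== $sessionUserId) {
        // Log the mismatch so repeated attempts are visible to monitoring.
        error_log("checkout: user {$sessionUserId} denied cart {$cartId}");
        return null;
    }
    return $cart;
}

// Constructed scenario: session user 1 submits a cart id owned by user 2,
// then their own cart id.
$foreign = ['cart_id' => '202'];
$own     = ['cart_id' => '101'];
var_dump(loadCartUnchecked($foreign) !== null);
var_dump(loadCartForUser($foreign, 1) !== null);
var_dump(loadCartForUser($own, 1) !== null);
```

Where the design allows it, deriving the cart from the session alone and ignoring any client-supplied cart_id removes the parameter from the trust decision entirely.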

Affected Version(s)

Vvveb < 1.0.8.3

CVSS V3.1

Score: 7.6
Severity: HIGH
Confidentiality: Low
Integrity: High
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved