Improperly Controlled Dynamic Object Modification in Drupal AlternativeCommerce by Drupal
CVE-2026-9726
Currently unrated
Key Information:
- Vendor
Drupal
- Vendor
- CVE Published:
- 10 July 2026
What is CVE-2026-9726?
The vulnerability in Drupal's AlternativeCommerce module allows for improper control over dynamic object attributes, leading to potential object injection scenarios. Affected versions range from 0.0.0 to 2.1.17, highlighting the importance for users to update to more secure releases. Attackers exploiting this weakness could manipulate object attributes, potentially leading to unauthorized actions and data compromise. It is crucial for Drupal users to assess their implementations and apply necessary updates to mitigate the risks associated with this vulnerability.
Affected Version(s)
Drupal AlternativeCommerce (Basket) 0.0.0 < 2.1.17
