CVE-2026-35496

LOW 2.7

CVSS Score

2.7

EPSS Score

0.0%

EPSS Percentile

0th

A path traversal vulnerability exists in CubeCart prior to 6.6.0, which may allow a user with an administrative privilege to access higher-level directories that should not be accessible.

Vendor	cubecart limited
Product	cubecart
Published	Apr 17, 2026

Stay Ahead of the Next One

Get instant alerts for cubecart limited cubecart

Be the first to know when new low vulnerabilities affecting cubecart limited cubecart are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Affected Versions

CubeCart Limited / CubeCart

prior to 6.6.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

community.cubecart.com: https://community.cubecart.com/t/cubecart-6-6-0-released-the-biggest-update-in-years/62405 jvn.jp: https://jvn.jp/en/jp/JVN78422311/