CVE-2026-21450 – Bagisto has SSTI in parameter that can lead to RCE

CVE ID : CVE-2026-21450

Published : Jan. 2, 2026, 9:16 p.m. | 1 hour, 9 minutes ago

Description : Bagisto is an open source laravel eCommerce platform. Versions prior to 2.3.10 are vulnerable to server-side template injection via type parameter, which can lead to remote code execution or another exploitation. Version 2.3.10 fixes the issue.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2025-64123 – Nuvation Energy nCloud Client-to-Client Communication

CVE-2025-64122 – Nuvation Energy Multi-Stack Controller Private Key Stored on Device

CVE-2025-64121 – Nuvation Energy Multi-Stack Controller Authentication Bypass

CVE-2025-64120 – Nuvation Energy Multi-Stack Controller OS Command Injection