What is the CVSS score of CVE-2026-2347?

CVE-2026-2347 has a CVSS 3.1 base score of 9.8 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of E-Commerce Website are affected by CVE-2026-2347?

Akilli Commerce E-Commerce Website versions before 4.5.001 contain a critical authorization bypass vulnerability (CVSS 9.8) that allows unauthenticated remote attackers to hijack user sessions and…. A patch is available.

E-Commerce Website CVE-2026-2347

EUVD-2026-30264 CRITICAL

Authorization Bypass Through User-Controlled Key (CWE-639)

2026-05-14 TR-CERT

GHSA-q88p-27gr-q4g5

Authentication Bypass

9.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Patch available

May 14, 2026 - 11:01 EUVD

Analysis Generated

May 14, 2026 - 10:15 vuln.today

CVE Published

May 14, 2026 - 09:25 nvd

CRITICAL 9.8

DescriptionNVD

Authorization bypass through User-Controlled key vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website allows Session Hijacking.

This issue affects E-Commerce Website: before 4.5.001.

AnalysisAI

Authorization bypass in Akilli Commerce E-Commerce Website before 4.5.001 allows remote unauthenticated attackers to hijack user sessions through user-controlled key manipulation. The vulnerability enables complete system compromise with high impact to confidentiality, integrity, and availability. …

RemediationAI

Within 24 hours: Inventory all Akilli Commerce deployments and verify current version; immediately isolate any internet-facing instance of version 4.5.000 or earlier from production if feasible, or implement emergency network access restrictions. Within 7 days: Contact Akilli Commerce vendor directly to confirm patch timeline; deploy any intermediate security updates or vendor-provided mitigations; implement enhanced session monitoring and logging. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-2347 vulnerability details – vuln.today

Back

E-Commerce Website CVE-2026-2347

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code