Commerce Guest Registration
Monthly
Authentication bypass in the Drupal Commerce Guest Registration contributed module allows remote unauthenticated attackers to circumvent identity verification during the guest checkout/registration flow, per Drupal advisory SA-CONTRIB-2026-079. The CVSS 9.1 scoring (C:H/I:H) indicates an attacker can gain unauthorized access to or hijack account/order data without credentials or user interaction. No public exploit has been identified at time of analysis, and the low EPSS score (0.24%, 15th percentile) suggests exploitation is not yet widespread.
Authentication bypass in the Drupal Commerce Guest Registration contributed module allows remote unauthenticated attackers to circumvent identity verification during the guest checkout/registration flow, per Drupal advisory SA-CONTRIB-2026-079. The CVSS 9.1 scoring (C:H/I:H) indicates an attacker can gain unauthorized access to or hijack account/order data without credentials or user interaction. No public exploit has been identified at time of analysis, and the low EPSS score (0.24%, 15th percentile) suggests exploitation is not yet widespread.