Skip to main content

Commerce Guest Registration

1 CVEs product

Monthly

CVE-2026-15089 PHP CRITICAL Act Now

Authentication bypass in the Drupal Commerce Guest Registration contributed module allows remote unauthenticated attackers to circumvent identity verification during the guest checkout/registration flow, per Drupal advisory SA-CONTRIB-2026-079. The CVSS 9.1 scoring (C:H/I:H) indicates an attacker can gain unauthorized access to or hijack account/order data without credentials or user interaction. No public exploit has been identified at time of analysis, and the low EPSS score (0.24%, 15th percentile) suggests exploitation is not yet widespread.

Authentication Bypass Commerce Guest Registration
NVD VulDB
CVSS 3.1
9.1
EPSS
0.2%
EPSS 0% CVSS 9.1
CRITICAL Act Now

Authentication bypass in the Drupal Commerce Guest Registration contributed module allows remote unauthenticated attackers to circumvent identity verification during the guest checkout/registration flow, per Drupal advisory SA-CONTRIB-2026-079. The CVSS 9.1 scoring (C:H/I:H) indicates an attacker can gain unauthorized access to or hijack account/order data without credentials or user interaction. No public exploit has been identified at time of analysis, and the low EPSS score (0.24%, 15th percentile) suggests exploitation is not yet widespread.

Authentication Bypass Commerce Guest Registration
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy