Skip to main content

Commerce Realex Global Payments

1 CVEs product

Monthly

CVE-2026-13238 PHP MEDIUM PATCH This Month

Incorrect Authorization (CWE-863) in the Drupal Commerce Realex / Global Payments module exposes protected payment and order resources to forceful browsing, allowing unauthenticated remote attackers to access endpoints that should require authorization. All module versions from 0.0.0 through 3.0.2 (exclusive) are affected on Drupal Commerce deployments. No public exploit code has been identified and SSVC confirms no active exploitation at time of analysis, though the nature of a payment gateway module means successful access could expose order or transaction data.

Authentication Bypass Commerce Realex Global Payments
NVD VulDB
CVSS 3.1
4.8
EPSS
0.2%
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

Incorrect Authorization (CWE-863) in the Drupal Commerce Realex / Global Payments module exposes protected payment and order resources to forceful browsing, allowing unauthenticated remote attackers to access endpoints that should require authorization. All module versions from 0.0.0 through 3.0.2 (exclusive) are affected on Drupal Commerce deployments. No public exploit code has been identified and SSVC confirms no active exploitation at time of analysis, though the nature of a payment gateway module means successful access could expose order or transaction data.

Authentication Bypass Commerce Realex Global Payments
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy