CVE-2026-11462

HIGH

Chengdu Everbrite Network Technology BeikeShop Stripe Plugin StripeController.php callback improper authorization

Title source: cna

Description

A vulnerability was found in Chengdu Everbrite Network Technology BeikeShop up to 1.6.0.22. This impacts the function callback of the file plugins/Stripe/Controllers/StripeController.php of the component Stripe Plugin. Performing a manipulation of the argument Request results in improper authorization. The attack can be initiated remotely. The exploit has been made public and could be used. The patch is named 6719e0fc690ea0a998452092862e0f0a17c65968. It is suggested to install a patch to address this issue.

References (6)

Core 6

Core References

Vdb Entry, Technical Description vdb-entry technical-description

VDB-369082 | Chengdu Everbrite Network Technology BeikeShop Stripe Plugin StripeController.php callback improper authorization

https://vuldb.com/vuln/369082

Signature, Permissions Required signature permissions-required

VDB-369082 | CTI Indicators (IOB, IOC, TTP, IOA)

https://vuldb.com/vuln/369082/cti

Third Party Advisory third-party-advisory

CVE-2026-11462 | CVE Analysis and Report

https://vuldb.com/cve/CVE-2026-11462

Third Party Advisory third-party-advisory

Submit #831466 | BeikeShop 1.6.0 Design/Logic Flaw

https://vuldb.com/submit/831466

Exploit exploit

https://github.com/nuiifornet/BeikeShop-Vulnerability/blob/main/README.md

View Exploit ZIP pw:eip

Patch patch

https://github.com/beikeshop/beikeshop/commit/6719e0fc690ea0a998452092862e0f0a17c65968

View Patch ZIP pw:eip

Scores

CVSS v3 7.3

EPSS 0.0029

EPSS Percentile 20.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-266 CWE-285

Status published

Products (23)

Chengdu Everbrite Network Technology/BeikeShop 1.6.0.0

Chengdu Everbrite Network Technology/BeikeShop 1.6.0.1

Chengdu Everbrite Network Technology/BeikeShop 1.6.0.10

Chengdu Everbrite Network Technology/BeikeShop 1.6.0.11

Chengdu Everbrite Network Technology/BeikeShop 1.6.0.12

Chengdu Everbrite Network Technology/BeikeShop 1.6.0.13

Chengdu Everbrite Network Technology/BeikeShop 1.6.0.14

Chengdu Everbrite Network Technology/BeikeShop 1.6.0.15

Chengdu Everbrite Network Technology/BeikeShop 1.6.0.16

Chengdu Everbrite Network Technology/BeikeShop 1.6.0.17

... and 13 more

Published Jun 07, 2026

Tracked Since Jun 08, 2026