CVE-2026-9726

ANALYSIS PENDING

Drupal AlternativeCommerce (Basket) - Highly critical - Arbitrary PHP code execution - SA-CONTRIB-2026-038

Title source: cna
STIX 2.1

Description

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal AlternativeCommerce (Basket) allows Object Injection. This issue affects Drupal AlternativeCommerce (Basket) versions: from 0.0.0 to 2.1.17.

References (1)

Core 1

Scores

EPSS 0.0016
EPSS Percentile 5.7%

Details

CWE
CWE-915
Status published
Products (1)
Drupal/Drupal AlternativeCommerce (Basket) 0.0.0 - 2.1.17
Published Jul 10, 2026
Tracked Since Jul 11, 2026