CVE-2026-11764
CVE-2026-11764 is a low-severity vulnerability rated 3.6/10 on the CVSS scale. When creating an export of all reusable media, the secrets of connected gift cards were included in the export even if the user creating the export did not have permission to view gift cards. This is inconsistent with the UI and API, where only the first letters of the gift card secret are shown. EPSS estimates a 0.23% chance of exploitation in the next 30 days.
Description
When creating an export of all reusable media, the secrets of connected gift cards were included in the export even if the user creating the export did not have permission to view gift cards. This is inconsistent with the UI and API, where only the first letters of the gift card secret are shown. Therefore, it allows circumventing a permission boundary.
Metrics
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Timeline
- Status: Deferred
Source: NVD / NIST
