What is CVE-2026-35496?

CVE-2026-35496 is a low-severity vulnerability in Cubecart Limited, classified under Path Traversal. CVSS score: 2.7/10. Published 2026-04-17.

How severe is CVE-2026-35496?

Low severity. CVSS v3 base score is 2.7 out of 10.

Path Traversal in Cubecart Limited

CVE-2026-35496

A path traversal vulnerability exists in CubeCart prior to 6.6.0, which may allow a user with an administrative privilege to access higher-level directories that should not be accessible.

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.001 (21.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 2.7 (Low). Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N.

Affected products

Cubecart Limited — versions prior to 6.6.0

Weakness classification (CWE)

CWE-22 — Path Traversal

References

community.cubecart.com/t/cubecart-6-6-0-released-the-biggest-update-in-years/62…
jvn.jp/en/jp/JVN78422311/

Frequently asked questions

What is CVE-2026-35496?: CVE-2026-35496 is a low-severity vulnerability in Cubecart Limited, classified under Path Traversal. CVSS score: 2.7/10. Published 2026-04-17.
How severe is CVE-2026-35496?: Low severity. CVSS v3 base score is 2.7 out of 10.