What is CVE-2026-6745?

CVE-2026-6745 is a low-severity vulnerability in Bagisto, classified under Cross-site Scripting. CVSS score: 3.5/10. Published 2026-04-21.

How severe is CVE-2026-6745?

Low severity. CVSS v3 base score is 3.5 out of 10.

RCE in Bagisto

CVE-2026-6745

A vulnerability was determined in Bagisto up to 2.3.15. Affected by this vulnerability is an unknown functionality of the component Custom Scripts Handler. This manipulation causes cross site scripting. Remote exploitation of the attack is…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.000 (10.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 3.5 (Low). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N.

Affected products

N/a Bagisto — versions 2.3.0, 2.3.1, 2.3.2

Weakness classification (CWE)

References

VDB-358436 | Bagisto Custom Scripts cross site scripting (vdb-entry)
VDB-358436 | CTI Indicators (IOB, IOC, TTP) (signature, permissions-required)
Submit #794681 | bagisto v2.3.15 Cross Site Scripting (third-party-advisory)
cna@vuldb.com (exploit)

Frequently asked questions

What is CVE-2026-6745?: CVE-2026-6745 is a low-severity vulnerability in Bagisto, classified under Cross-site Scripting. CVSS score: 3.5/10. Published 2026-04-21.
How severe is CVE-2026-6745?: Low severity. CVSS v3 base score is 3.5 out of 10.