Improper access control in Commerce Realex / Global Payments - CVE-2026-13238

 


Published: June 25, 2026


Vulnerability identifier: #VU135169
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2026-13238
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: stella
Affected software:
Commerce Realex / Global Payments

Detailed vulnerability description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists because the affected module does not sufficiently verify the authenticity of the payment response returned by Global Payments. A remote attacker can bypass implemented security restrictions and compromise the target system.


How to mitigate CVE-2026-13238

Install updates from the vendor's website.
