CVE-2026-3714 | OpenCart 4.0.2.3 Incomplete Fix CVE-2024-36694 template.php save special elements used in a template engine

A vulnerability categorized as critical has been discovered in OpenCart 4.0.2.3. Affected by this issue is the function Save of the file admin/controller/design/template.php of the component Incomplete Fix CVE-2024-36694. Such manipulation leads to improper neutralization of special elements used in a template engine.

This vulnerability is listed as CVE-2026-3714. The attack may be performed from remote. There is no available exploit.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-3714 | OpenCart 4.0.2.3 Incomplete Fix CVE-2024-36694 template.php save special elements used in a template engine

Post correlati

CVE-2023-53855 | Linux Kernel up to 6.1.45/6.4.10 net unbind dsa_tag_8021q_unregister assertion

CVE-2022-48634 | Linux Kernel up to 5.10.145/5.15.70/5.19.11/6.0 gma500 gma_crtc_page_flip stack-based overflow

CVE-2026-28497 | maximmasiutin TinyWeb up to 2.2 HTTP Request integer overflow (GHSA-rp8j-cx7r-mw9f)

CVE-2025-50484 | PHPGurukul Small CRM 3.0 /change-password.php session expiration