A vulnerability was found in iscpcolissimo Colissimo Officiel Plugin up to 2.9.0. It has been declared as problematic. This issue affects the function updateShippingMethod of the component Shipping Method Handler. Executing a manipulation of the argument order_id can lead to improper authorization.

The identification of this vulnerability is CVE-2026-9240. The attack may be launched remotely. There is no exploit available.