A vulnerability marked as critical has been reported in antiwork Gumroad. This affects an unknown function of the component PurchasesController. Performing a manipulation results in improper access controls.
This vulnerability is cataloged as CVE-2026-59805. It is possible to initiate the attack remotely. There is no exploit available.