A vulnerability categorized as critical has been discovered in Drupal AlternativeCommerce up to 2.1.16. This vulnerability affects unknown code of the component Object Attribute Handler. Executing a manipulation can lead to injection.

The identification of this vulnerability is CVE-2026-9726. The attack may be launched remotely. There is no exploit available.