PatchSiren cyber security CVE debrief
CVE-2026-14635 kirilkirkov CVE debrief
A path traversal vulnerability has been discovered in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 222ff31c06687b1c6d0e1ab63953f82c3674c52b. The issue affects the Vendor Multi-Image Endpoint in the file application/modules/vendor/controllers/AddProduct.php. Specifically, the argument folder is vulnerable to manipulation, allowing for path traversal attacks. The vulnerability can be exploited remotely. The exploit has been publicly released and may be used for attacks. The product uses a rolling release for continuous delivery, so no version details for affected or updated releases are available.
- Vendor: kirilkirkov
- Product: Ecommerce-CodeIgniter-Bootstrap
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-07-04
- Original CVE updated: 2026-07-04
- Advisory published: 2026-07-04
- Advisory updated: 2026-07-04
Who should care
Defenders of systems using kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 222ff31c06687b1c6d0e1ab63953f82c3674c52b should prioritize patching this vulnerability. Given the public availability of the exploit, immediate action is recommended to prevent potential attacks.
Technical summary
The CVE-2026-14635 vulnerability is a path traversal issue in the Vendor Multi-Image Endpoint of kirilkirkov Ecommerce-CodeIgniter-Bootstrap. The vulnerability exists in the AddProduct.php file within the application/modules/vendor/controllers directory. An attacker can manipulate the 'folder' argument to traverse the file system. This vulnerability has a CVSS score of 5.5 and is classified as MEDIUM severity. The vulnerability can be exploited remotely, and a public exploit is available.
Defensive priority
High priority should be given to applying the patch (2a9497ff11f36e573ad99e1c357ff0e6ded49745) to prevent exploitation of CVE-2026-14635. Defenders should ensure that the patch is applied as soon as possible due to the public availability of the exploit.
Recommended defensive actions
- Apply the patch 2a9497ff11f36e573ad99e1c357ff0e6ded49745 to the affected system.
- Review system logs for any suspicious activity related to the Vendor Multi-Image Endpoint.
- Implement additional monitoring to detect potential exploitation attempts.
- Consider restricting access to the Vendor Multi-Image Endpoint if possible.
- Because the product follows a rolling release model, verify that the deployed copy is up to date.
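One way to carry out the log review above, as an added example that is not from the advisory or the project: it flags access-log lines whose `folder` query parameter contains traversal segments, an absolute path or a NUL byte, after undoing repeated percent-encoding. It assumes the parameter appears in the logged request URL (a value sent only in a POST body does not show up in standard access logs); the endpoint path and the log lines are constructed placeholders.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample lines; "/PLACEHOLDER/multi-image" is not the real endpoint path.
SAMPLE_LOG = [
    '203.0.113.7 - - [04/Jul/2026:10:00:01 +0000] "GET /PLACEHOLDER/multi-image?folder=1720000000 HTTP/1.1" 200 512',
    '203.0.113.9 - - [04/Jul/2026:10:00:05 +0000] "GET /PLACEHOLDER/multi-image?folder=..%2F..%2Fexample HTTP/1.1" 200 0',
    '203.0.113.9 - - [04/Jul/2026:10:00:06 +0000] "POST /PLACEHOLDER/multi-image?folder=%252e%252e%252fexample HTTP/1.1" 200 0',
    '203.0.113.9 - - [04/Jul/2026:10:00:07 +0000] "GET /PLACEHOLDER/multi-image?folder=..%5Cexample HTTP/1.1" 404 0',
    '198.51.100.4 - - [04/Jul/2026:10:01:00 +0000] "GET /PLACEHOLDER/multi-image?folder=a..b HTTP/1.1" 200 512',
    '198.51.100.4 - - [04/Jul/2026:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 2048',
]

# Request line of a common/combined-format access log entry.
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')


def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding (e.g. %252e -> %2e -> .)."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_suspicious_folder(raw):
    """True if the value could escape the directory it is meant to name."""
    value = fully_decode(raw).replace("\\", "/")
    if "\x00" in value:
        return True
    if value.startswith("/") or re.match(r"[A-Za-z]:", value):
        return True  # absolute POSIX path or Windows drive prefix
    return ".." in value.split("/")  # ".." as a whole path segment


def flag_lines(lines, param="folder"):
    """Return the log lines whose `param` query value looks like traversal."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        query = urlsplit(match.group(1)).query
        if any(k == param and is_suspicious_folder(v)
               for k, v in parse_qsl(query, keep_blank_values=True)):
            hits.append(line)
    return hits
```

Hits are leads for triage, not proof of compromise; correlate them with the response status and with file changes on the host.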
Evidence notes
The CVE-2026-14635 vulnerability details are based on information from VulDB and the NVD. The vulnerability affects kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 222ff31c06687b1c6d0e1ab63953f82c3674c52b. The patch 2a9497ff11f36e573ad99e1c357ff0e6ded49745 has been provided to fix the issue. However, due to the rolling release model, specific version details for affected or updated releases are not available.
This article is AI-assisted and based on the supplied source corpus.