HIGH
givanz
CVE published 2026-05-15
CVE-2026-44826
CVE-2026-44826 is a high-severity input-validation flaw in Vvveb CMS affecting the cart-add endpoint. Prior to 1.0.8.2, a negative quantity value is accepted and then propagated through cart and checkout calculations, producing negative line totals, subtotals, taxes, and grand totals. The issue can surface in the merchant dashboard as a real order with a negative total, creating an integrity and financial [truncated]