CVE-2026-11764EPSS p13.5%

CVE-2026-11764CVE-2026-11764

Description

When creating an export of all reusable media, the secrets of connected gift cards were included in the export even if the user creating the export does not have permission to view gift cards. This is inconsistent with the UI and API where only the first letters of the gift card secret are shown. Therefore, it allows circumventing a permission boundary.

Scoring

EPSS0.23% probability of exploitation · percentile 13.5% · 2026-06-18T12:00:27Z
Last modified2026-06-09

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-35467
CVE
CVE-2025-10681
CVE
CVE-2026-49202
CVE
CVE-2026-41978
CVE
CVE-2026-41964
CVE
CVE-2026-41980
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.