CVE-2026-23796

Quick.Cart allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behaviour enables an attacker to fix a session ID for a victim and later hijack the authenticated session. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.7 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://cert.pl/posts/2026/02/CVE-2026-23796	Third Party Advisory
https://opensolution.org/sklep-internetowy-quick-cart.html	Product

Configurations

Configuration 1 (hide)

cpe:2.3:a:opensolution:quick.cart:6.7:*:*:*:*:*:*:*

History

No history.

Information

Published : 2026-02-05 12:16

Updated : 2026-02-19 18:31

NVD link : CVE-2026-23796

Mitre link : CVE-2026-23796

CVE.ORG link : CVE-2026-23796

JSON object : View

Products Affected

opensolution

quick.cart

CWE

CWE-384

Session Fixation

{"id": "CVE-2026-23796", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "cvd@cert.pl", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 4.8, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-02-05T12:16:01.743", "references": [{"url": "https://cert.pl/posts/2026/02/CVE-2026-23796", "tags": ["Third Party Advisory"], "source": "cvd@cert.pl"}, {"url": "https://opensolution.org/sklep-internetowy-quick-cart.html", "tags": ["Product"], "source": "cvd@cert.pl"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "cvd@cert.pl", "description": [{"lang": "en", "value": "CWE-384"}]}], "descriptions": [{"lang": "en", "value": "Quick.Cart allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication.\u00a0This behaviour enables an attacker to fix a session ID\nfor a victim and later hijack the authenticated session.\n\nThe vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.7 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable."}, {"lang": "es", "value": "Quick.Cart permite que el identificador de sesi\u00f3n de un usuario se establezca antes de la autenticaci\u00f3n. El valor de este ID de sesi\u00f3n permanece igual despu\u00e9s de la autenticaci\u00f3n. Este comportamiento permite a un atacante fijar un ID de sesi\u00f3n para una v\u00edctima y luego secuestrar la sesi\u00f3n autenticada.\n\nEl proveedor fue notificado con antelaci\u00f3n sobre esta vulnerabilidad, pero no respondi\u00f3 con los detalles de la vulnerabilidad o el rango de versiones vulnerables. Solo la versi\u00f3n 6.7 fue probada y confirmada como vulnerable; otras versiones no fueron probadas y tambi\u00e9n podr\u00edan ser vulnerables."}], "lastModified": "2026-02-19T18:31:45.827", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:opensolution:quick.cart:6.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0544991D-06F2-4207-BAA0-5045BC483E61"}], "operator": "OR"}]}], "sourceIdentifier": "cvd@cert.pl"}