Medium severity6.3NVD Advisory· Published Apr 21, 2026· Updated Apr 29, 2026
CVE-2026-6744
CVE-2026-6744
Description
A vulnerability was found in Bagisto up to 2.3.15. Affected is the function copy of the component Downloadable Link Handler. The manipulation results in server-side request forgery. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure and explains: "We already replied on the github advisories. All the security issues are addressed through security advisory. We will fix this in our upcomming releases."
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
bagisto/bagistoPackagist | <= 2.3.15 | — |
Affected products
1Patches
Vulnerability mechanics
References
6News mentions
0No linked articles in our index yet.