What is CVE-2026-21450?

### Summary SSTI is possible in Bagisto via type parameter can lead to RCE and other exploitations. ### Details 1. Go to `http://127.0.0.1:8000/admin/reporting/products/view?type={{7*7}}` ### Impact Can lead to RCE, command injection.

What is the severity of CVE-2026-21450?

CVE-2026-21450 has a CVSS v3 score of 9.8, which is classified as Critical severity.

Is there an exploit available for CVE-2026-21450?

Yes, there are known exploits available for CVE-2026-21450. Immediate patching is recommended.

Is there a patch available for CVE-2026-21450?

Yes, patches are available for CVE-2026-21450. Check the vendor advisories for update instructions.

CVE-2026-21450 - CVE Details, Severity, and Analysis

CVE-2026-21450 - CVE Details, Severity, and Analysis | Strobes VI

Trend Analysis

Neutral

Vulnerable Products

Vendor	Product
Webkul	Bagisto

Advisories

GitHub Advisory

NVD: Bagisto is an open source laravel eCommerce platform. Versions prior to 2.3.10 are vulnerable to server-side template injection via type parameter, which can lead to remote code execution or another exploitation. Version 2.3.10 fixes the issue.