CYBERHAWK / CVE / CVE-2026-54390

CVE-2026-54390

CRITICAL CVSS 9.8 other

The flaw

JTL Shop versions 5.2.0 through 5.7.1 contains a server-side template injection vulnerability that allows unauthenticated attackers to inject malicious template syntax due to unsanitized user-supplied input passed to the Smarty template eng

What to do

Review advisory and patch per vendor guidance.

▸ Scan my repo for CVE-2026-54390

References

NVD CISA KEV OSV GitHub Advisory MITRE News search

First seen 2026-06-19 · Tracked by PickBits CyberHawk · Weekly CVE digest

← All CVEs RSS Scheduled audits