CVE-2026-3714 MEDIUM

CVE-2026-3714: OpenCart Incomplete Fix CVE-2024-36694 template.php save special elements used in a template engine

Vendor N/A

Product OpenCart

Weakness CWE-1336

Published March 8, 2026

Last update March 11, 2026

View on NVD All CVEs

CVSS base score

5.1/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X

What the vulnerability does

Description

A vulnerability has been found in OpenCart 4.0.2.3. Affected by this issue is the function Save of the file admin/controller/design/template.php of the component Incomplete Fix CVE-2024-36694. Such manipulation leads to improper neutralization of special elements used in a template engine. The attack may be performed from remote. The vendor was contacted early about this disclosure but did not respond in any way.

Key dates

Disclosure timeline

March 8, 2026 CVE published

March 11, 2026 Record updated