A vulnerability classified as critical has been found in CubeCart up to 6.7.1 . Impacted is the function User::passwordRequest of the file /index.php?_a=recover of the component Request Header Handler . This manipulation causes weak password recovery. This vulnerability is registered as CVE-2026-45055 . Remote exploitation of the attack is possible. No exploit is available. It is recommended to upgrade the affected component.