A vulnerability marked as critical has been reported in CubeCart up to 6.6.x . This vulnerability affects unknown code of the file /api/v1/files . The manipulation leads to unrestricted upload. This vulnerability is listed as CVE-2026-45053 . The attack may be initiated remotely. There is no available exploit. It is suggested to upgrade the affected component.