A vulnerability classified as problematic was found in SimplCommerce . This affects an unknown function of the file /api/news-items of the component Form Handler . Such manipulation leads to cross-site request forgery. This vulnerability is referenced as CVE-2026-9591 . It is possible to launch the attack remotely. No exploit is available. A patch should be applied to remediate this issue.