Product
A high-severity deserialization vulnerability, CVE-2026-14637, exists in the `getCartItems` function of `application/libraries/ShoppingCart.php` in kirilkirkov Ecommerce-CodeIgniter-Bootstrap versions up to commit `13fd582aaf49aeab7438acc0fc3eb973a1f5e6a7`, allowing remote attackers to achieve arbitrary code execution by manipulating the `shopping_cart` argument, with public exploit disclosure raising immediate risk.