Product
A high-severity path traversal vulnerability (CVE-2026-14635) has been identified in kirilkirkov Ecommerce-CodeIgniter-Bootstrap versions up to commit 222ff31c066, allowing remote attackers to access or modify arbitrary files by manipulating the 'folder' argument in the Vendor Multi-Image Endpoint, with a public exploit available.