Product
An unauthenticated PHP Object Injection vulnerability, tracked as CVE-2026-54159, affects the PrestaShop ps_facetedsearch module versions 3.0.0 through 4.0.3, allowing attackers to craft malicious serialized PHP objects in URL parameters that, upon deserialization, result in arbitrary file writes and remote code execution on the server.