{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-2347/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":9.8,"id":"CVE-2026-2347"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["E-Commerce Website"],"_cs_severities":["critical"],"_cs_tags":["cve","cve-2026-2347","authorization bypass","session hijacking","ecommerce"],"_cs_type":"threat","_cs_vendors":["Akilli Commerce Software Technologies Ltd. Co."],"content_html":"\u003cp\u003eCVE-2026-2347 details an authorization bypass vulnerability affecting Akilli Commerce Software Technologies Ltd. Co.\u0026rsquo;s E-Commerce Website. The vulnerability, present in versions prior to 4.5.001, stems from a user-controlled key issue that enables session hijacking. An attacker could potentially exploit this vulnerability to gain unauthorized access to user accounts and sensitive data within the e-commerce platform. 
This is a critical vulnerability because it directly impacts the confidentiality and integrity of user sessions, potentially leading to financial loss, data breaches, and reputational damage for the affected e-commerce website.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies an Akilli Commerce E-Commerce Website running a vulnerable version (\u0026lt; 4.5.001).\u003c/li\u003e\n\u003cli\u003eAttacker crafts a malicious request to the website, manipulating the user-controlled key parameter.\u003c/li\u003e\n\u003cli\u003eThe manipulated key bypasses authorization checks on the e-commerce platform.\u003c/li\u003e\n\u003cli\u003eThe attacker obtains a valid session identifier, effectively hijacking an existing user session.\u003c/li\u003e\n\u003cli\u003eAttacker authenticates to the web application using the hijacked session ID.\u003c/li\u003e\n\u003cli\u003eAttacker accesses sensitive information related to the compromised user account, such as personal details, order history, or payment information.\u003c/li\u003e\n\u003cli\u003eThe attacker performs actions on behalf of the victim, potentially making unauthorized purchases or modifying account settings.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-2347 allows an attacker to bypass authentication mechanisms and hijack user sessions. This could lead to the compromise of user accounts, theft of sensitive data, unauthorized transactions, and reputational damage for the affected e-commerce website. 
The impact is potentially widespread, affecting any user of a vulnerable Akilli Commerce E-Commerce Website.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade Akilli Commerce E-Commerce Website to version 4.5.001 or later to patch CVE-2026-2347.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect CVE-2026-2347 Exploitation Attempt via Modified Session Key\u0026rdquo; to monitor for attempts to exploit this vulnerability.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-14T10:17:24Z","date_published":"2026-05-14T10:17:24Z","id":"https://feed.craftedsignal.io/briefs/2026-05-akilli-auth-bypass/","summary":"CVE-2026-2347 describes an authorization bypass vulnerability through a user-controlled key in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website before version 4.5.001, which could lead to session hijacking.","title":"CVE-2026-2347 - Akilli Commerce E-Commerce Website Authorization Bypass via User-Controlled Key","url":"https://feed.craftedsignal.io/briefs/2026-05-akilli-auth-bypass/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-2347","version":"https://jsonfeed.org/version/1.1"}