CVE-2026-47742: Shopper: authz bypass lets any user mutate product data

GHSA-h4mp-g9c6-xwph MEDIUM
Published May 29, 2026
CISO Take

CVE-2026-47742 is a missing authorization flaw in Shopper's Livewire sub-form components (Edit, Inventory, SEO, Shipping, Files) that allows any authenticated admin panel user — regardless of role — to overwrite product pricing, stock levels, SEO metadata, shipping dimensions, and attached media. More critically, the unguarded `store()` method accepts arbitrary product IDs via client-side wire payload tampering, meaning an attacker can target products entirely outside their legitimate scope. With 475 downstream dependents, a High integrity CVSS score (AV:N/AC:L/PR:L/UI:N), and an EPSS in the 91st percentile, the flaw is both widely distributed and structurally easy to exploit — no public PoC or KEV listing exists yet, but the bar for exploitation is a browser and a valid low-privilege account. In AI/ML-integrated deployments where Shopper feeds recommendation engines, dynamic pricing models, or inventory optimization systems, unauthorized catalog mutations can silently corrupt the ground-truth data those pipelines ingest. Upgrade to shopper/framework 2.8.0 immediately; if patching is blocked, restrict panel access to trusted networks and audit product mutation logs for users lacking the `edit_products` role.

Sources: NVD, EPSS, GitHub Advisory, ATLAS, OpenSSF

What is the risk?

MEDIUM overall, elevated to HIGH for multi-role or multi-tenant deployments. Attack complexity is low with no special conditions required; any valid panel session is sufficient. The integrity impact is High — pricing and inventory manipulation can cause direct financial harm. The 91st-percentile EPSS placement is notable despite the low absolute score (0.029%), reflecting the structural ease of exploitation post-authentication. Insider threat and compromised low-privilege accounts are the primary risk vectors. Absence of CISA KEV listing and no confirmed public exploit reduce immediate urgency, but the pattern (client-controlled object reference without server-side authorization) is well-understood and trivially weaponizable.

How does the attack unfold?

  1. Initial Access (AML.T0012, Valid Accounts): Attacker authenticates to the Shopper admin panel using any valid low-privilege account (e.g., support or analyst role with no product edit rights).

  2. Payload Tampering (AML.T0049, Exploit Public-Facing Application): Attacker intercepts the Livewire wire payload via browser developer tools or a proxy, replacing the unprotected product_id property with the ID of an arbitrary target product.

  3. Unauthorized Mutation: The unguarded store() method processes the tampered request without authorization checks, overwriting pricing, stock, SEO metadata, or media on the target product.

  4. Impact (AML.T0048.000, Financial Harm): Corrupted catalog data propagates to downstream ML systems (recommendation engines, dynamic pricing models), causing financial harm and silently degrading AI-driven business decisions.

What systems are affected?

Package  Ecosystem  Vulnerable Range  Patched
Panel    composer   < 2.8.0           2.8.0

Package stats: 5.7K; OpenSSF 6.5; 479 dependents; pushed 3d ago; 90% patched; ~4d to patch.

Do you use Panel? You're affected.

How severe is it?

CVSS 3.1: 6.5 / 10
EPSS: 0.0% chance of exploitation in 30 days (higher than 9% of all CVEs)
Exploitation Status: No known exploitation
Sophistication: Trivial

What is the attack surface?

AV (Attack Vector): Network
AC (Attack Complexity): Low
PR (Privileges Required): Low
UI (User Interaction): None
S (Scope): Unchanged
C (Confidentiality): None
I (Integrity): High
A (Availability): None

What should I do?

5 steps
  1. Patch: Upgrade shopper/framework to 2.8.0, which adds authorization enforcement on store() and applies #[Locked] to Livewire public product ID properties.

  2. Verify: After patching, confirm each sub-form component (Edit, Inventory, Seo, Shipping, Files) enforces edit_products authorization server-side — do not rely solely on UI-layer role checks.

  3. Workaround (if patching blocked): Restrict admin panel access to trusted IP ranges via WAF or firewall; reduce panel accounts to minimum necessary roles immediately.

  4. Detection: Audit admin panel access logs for product mutations by users without edit_products; inspect WAF/proxy logs for anomalous Livewire wire payload modifications (altered product_id values across requests).

  5. Downstream AI integrity: If Shopper feeds ML pipelines, compare current catalog state against last known-good snapshot to identify unauthorized mutations before the next training or inference cycle.
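As an added illustration of steps 1 and 2 (this is not code from the Shopper project, whose real components and fix differ in detail), the following shows a product sub-form Livewire component in the shape the advisory describes, followed by its hardened form. It assumes Livewire 3 (which provides the `#[Locked]` attribute), an Eloquent `Product` model with `stock` and `price` columns, and an `edit_products` permission answerable through `$user->can()`; the class, property, view and column names are hypothetical.

```php
<?php
// Added example, not Shopper's own code. Assumes Livewire 3, an Eloquent
// Product model with stock/price columns, and an edit_products permission
// resolvable via $user->can(). All names below are hypothetical.

namespace App\Livewire\Products;

use App\Models\Product;
use Livewire\Attributes\Locked;
use Livewire\Component;

// BEFORE: the pattern the advisory describes. $productId is a public Livewire
// property without #[Locked], so the client can rewrite it in the wire payload,
// and store() saves without asking who is calling.
class InventoryFormVulnerable extends Component
{
    public int $productId;
    public int $stock = 0;
    public float $price = 0.0;

    public function mount(Product $product): void
    {
        $this->productId = $product->id;
        $this->stock = (int) $product->stock;
        $this->price = (float) $product->price;
    }

    public function store(): void
    {
        // No authorization: any authenticated panel user reaches this line,
        // and $this->productId is whatever the last request carried.
        Product::query()->findOrFail($this->productId)->update([
            'stock' => $this->stock,
            'price' => $this->price,
        ]);
    }

    public function render()
    {
        return view('livewire.products.inventory-form');
    }
}

// AFTER: #[Locked] makes Livewire reject any request that changes $productId
// from the client side, and store() enforces edit_products on the server
// before touching the model.
class InventoryForm extends Component
{
    #[Locked]
    public int $productId;

    public int $stock = 0;
    public float $price = 0.0;

    public function mount(Product $product): void
    {
        $this->productId = $product->id;
        $this->stock = (int) $product->stock;
        $this->price = (float) $product->price;
    }

    public function store(): void
    {
        // Server-side check; a hidden save button in the UI is not a control.
        abort_unless(auth()->user()?->can('edit_products'), 403);

        // Validate the client-mutable inputs on the server as well.
        $validated = $this->validate([
            'stock' => ['required', 'integer', 'min:0'],
            'price' => ['required', 'numeric', 'min:0'],
        ]);

        Product::query()->findOrFail($this->productId)->update($validated);
    }

    public function render()
    {
        return view('livewire.products.inventory-form');
    }
}
```

`#[Locked]` means the component can only ever act on the product it was mounted for, which closes the arbitrary-target half of the flaw; the `abort_unless` in `store()` is the server-side `edit_products` check that step 2 asks you to verify on every sub-form, independent of what the panel UI shows. On Livewire 2, which has no `#[Locked]`, the equivalent is to stop trusting a public property for the ID and re-resolve the product server-side on each request.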

What does CISA's SSVC say?

Decision: Track
Exploitation: none
Automatable: No
Technical Impact: partial

Source: CISA Vulnrichment (SSVC v2.0). Decision based on the CISA Coordinator decision tree.

How is it classified?

Which compliance frameworks are affected?

This CVE is relevant to:

EU AI Act: Article 9 - Risk management system
ISO 42001: A.6.1 - Roles and responsibilities for AI systems
NIST AI RMF: GOVERN 2.1 - Policies, processes, procedures, and practices across the organization related to the mapping, measuring, and managing of AI risks are in place
OWASP LLM Top 10: LLM03 - Training Data Poisoning

Frequently Asked Questions


Is CVE-2026-47742 actively exploited?

No confirmed active exploitation of CVE-2026-47742 has been reported, but organizations should still patch proactively.

How to fix CVE-2026-47742?

  1. Patch: Upgrade shopper/framework to 2.8.0, which adds authorization enforcement on `store()` and applies `#[Locked]` to Livewire public product ID properties.

  2. Verify: After patching, confirm each sub-form component (Edit, Inventory, Seo, Shipping, Files) enforces `edit_products` authorization server-side; do not rely solely on UI-layer role checks.

  3. Workaround (if patching blocked): Restrict admin panel access to trusted IP ranges via WAF or firewall; reduce panel accounts to minimum necessary roles immediately.

  4. Detection: Audit admin panel access logs for product mutations by users without `edit_products`; inspect WAF/proxy logs for anomalous Livewire wire payload modifications (altered product_id values across requests).

  5. Downstream AI integrity: If Shopper feeds ML pipelines, compare current catalog state against last known-good snapshot to identify unauthorized mutations before the next training or inference cycle.

What systems are affected by CVE-2026-47742?

This vulnerability affects the following AI/ML architecture patterns: E-commerce admin panels with role-based access control, AI-powered product recommendation pipelines, Dynamic pricing ML systems, Inventory optimization and demand forecasting AI, Multi-role admin panel deployments with shared catalog management.

What is the CVSS score for CVE-2026-47742?

CVE-2026-47742 has a CVSS v3.1 base score of 6.5 (MEDIUM). The EPSS exploitation probability is 0.03%.

What is the AI security impact?

Affected AI Architectures

E-commerce admin panels with role-based access control
AI-powered product recommendation pipelines
Dynamic pricing ML systems
Inventory optimization and demand forecasting AI
Multi-role admin panel deployments with shared catalog management

MITRE ATLAS Techniques

AML.T0012 Valid Accounts
AML.T0048.000 Financial Harm
AML.T0049 Exploit Public-Facing Application

Compliance Controls Affected

EU AI Act: Article 9
ISO 42001: A.6.1
NIST AI RMF: GOVERN 2.1
OWASP LLM Top 10: LLM03

What are the technical details?

Original Advisory

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, Sub-form Livewire components used in the product editor (Edit, Inventory, Seo, Shipping, Files) had no authorization on their store() method. Any authenticated panel user, regardless of role, could mutate any product's pricing, stock, SEO metadata, shipping dimensions, and attached media without holding edit_products. The affected components accepted the product ID as a public Livewire property without #[Locked], so an attacker could also target an arbitrary product by tampering with the wire payload from the client. This vulnerability is fixed in 2.8.0.

Exploitation Scenario

An attacker with a low-privilege Shopper panel account (e.g., a read-only support role) opens the product editor for any product they can legitimately view. Using browser developer tools or an intercepting proxy, they capture the Livewire wire payload and replace the product_id value — which lacks `#[Locked]` protection — with the ID of a high-value product such as a flagship SKU. They then submit a POST to the Inventory sub-form's `store()` endpoint with a stock value of zero and an inflated price. The server processes the mutation without any authorization check. In an AI-integrated deployment, this corrupted catalog entry propagates to the next recommendation or dynamic pricing model refresh, causing the AI system to suppress the product from recommendations or generate incorrect pricing — with no security event logged.
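The Detection step above and the scenario just described share one server-side signature: a `store()` call by a user who holds no `edit_products` permission, or a `store()` whose product_id differs from the product the same session last opened that sub-form for. The script below, an added example rather than anything from the advisory or the Shopper project, applies both checks to a constructed set of admin-panel log lines. The log schema, the `mount`/`store` event names, the user names and the permission map are all assumptions; adapt them to whatever your panel actually logs.

```php
<?php
// Added example, not from the advisory or Shopper. Audits constructed
// admin-panel log lines for (1) store() calls by users lacking edit_products
// and (2) store() calls whose product_id does not match the product the same
// session last mounted that component for, which is what a client-side rewrite
// of the wire payload looks like from the server. Schema and data are assumed.

declare(strict_types=1);

// Constructed: permissions held by each panel user (e.g. from Spatie roles).
const PERMISSIONS = [
    'alice' => ['view_products', 'edit_products'],
    'bob'   => ['view_products'],              // read-only support role
];

// Constructed sample log, one JSON object per line. "mount" records which
// product a sub-form component was opened for; "store" records the save.
const SAMPLE_LOG = <<<'LOG'
{"ts":"2026-05-30T10:00:01Z","user":"alice","session":"s1","component":"products.inventory","method":"mount","product_id":42}
{"ts":"2026-05-30T10:00:09Z","user":"alice","session":"s1","component":"products.inventory","method":"store","product_id":42}
{"ts":"2026-05-30T10:01:14Z","user":"bob","session":"s2","component":"products.inventory","method":"mount","product_id":42}
{"ts":"2026-05-30T10:01:40Z","user":"bob","session":"s2","component":"products.inventory","method":"store","product_id":7}
{"ts":"2026-05-30T10:02:05Z","user":"bob","session":"s2","component":"products.seo","method":"store","product_id":7}
LOG;

/** @return string[] one finding per suspicious store() call */
function auditProductMutations(string $log, array $permissions): array
{
    $findings = [];
    $lastMounted = [];   // "session|component" => product_id from the last mount

    foreach (explode("\n", trim($log)) as $lineNo => $line) {
        $e = json_decode($line, true);
        if (!is_array($e)
            || !isset($e['user'], $e['session'], $e['component'], $e['method'], $e['product_id'])) {
            continue;   // skip malformed lines rather than trusting partial fields
        }
        $key = $e['session'] . '|' . $e['component'];

        if ($e['method'] === 'mount') {
            $lastMounted[$key] = (int) $e['product_id'];
            continue;
        }
        if ($e['method'] !== 'store') {
            continue;
        }

        $where = sprintf('line %d %s user=%s %s::store product_id=%d',
            $lineNo + 1, $e['ts'] ?? '?', $e['user'], $e['component'], $e['product_id']);

        // Check 1: mutation by a user who must not edit products at all.
        if (!in_array('edit_products', $permissions[$e['user']] ?? [], true)) {
            $findings[] = "$where: user lacks edit_products";
        }

        // Check 2: store() on a product this session never mounted the form for,
        // or on a different one than it mounted.
        $mounted = $lastMounted[$key] ?? null;
        if ($mounted !== (int) $e['product_id']) {
            $findings[] = sprintf('%s: product_id does not match mounted product (%s)',
                $where, $mounted === null ? 'none' : (string) $mounted);
        }
    }
    return $findings;
}

foreach (auditProductMutations(SAMPLE_LOG, PERMISSIONS) as $finding) {
    echo $finding, PHP_EOL;
}
```

On the constructed sample, alice's save passes both checks, while bob's two saves are each flagged twice: he holds no `edit_products`, and his `products.inventory` save targets product 7 after mounting the form for product 42 (the SEO save has no mount at all). The second check only works if the panel logs the mount or page-load event with its product ID; without that, fall back to the permission check and to comparing mutated rows against the last known-good catalog snapshot, as step 5 describes.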

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Timeline

Published: May 29, 2026
Last Modified: June 5, 2026
First Seen: May 29, 2026
