CVE-2026-47744: Shopper: RBAC bypass allows full admin takeover

GHSA-c3qp-2ggw-xjg7 CRITICAL
Published May 29, 2026
CISO Take

CVE-2026-47744 affects the Shopper headless e-commerce admin panel, where two chained authorization defects in team settings allow any low-privilege authenticated user to seize full administrator control and expel legitimate admins from the system. The first flaw skips authorization entirely on the team index page; the second gates privilege-write operations on the read-only view_users permission, meaning any account holding that permission can grant itself or others full manage_users access — a complete RBAC collapse. With 475 downstream dependents and a CVSS of 9.9, any AI/ML pipeline or e-commerce deployment built on this framework is exposed to full administrative compromise with nothing more than a valid low-tier account. Despite a low absolute EPSS (0.036%), the CVE ranks in the 89th percentile for exploitation likelihood and the attack requires only knowledge of two vulnerable endpoints — no exploit tooling needed. Patch immediately to Shopper 2.8.0; there is no known workaround short of the fix shipped in that release.

Sources: NVD, GitHub Advisory, EPSS, ATLAS, OpenSSF

What is the risk?

CRITICAL. CVSS 9.9 (AV:N/AC:L/PR:L/UI:N/S:C) reflects near-worst-case authorization failure: network-reachable, low complexity, low privileges required, no user interaction, and changed scope. Any authenticated user — including trial accounts, contractor accounts, or credentials obtained via phishing — can become a full administrator in a single session. The absence of public exploits or active KEV listing provides modest short-term protection, but the attack requires only understanding two flawed endpoints, making weaponization trivial once the advisory is public. Organizations running Shopper in AI/ML stack management contexts face full system compromise risk with a very low exploitation barrier.

How does the attack unfold?

  1. Initial Access (AML.T0012): Attacker authenticates to the Shopper admin panel using any valid low-privilege account, such as one holding only the view_users read-only permission.

  2. Privilege Escalation (AML.T0049): Attacker exploits the broken view_users permission gate on Settings/Team/RolePermission to issue a write request that grants their account manage_users and edit_orders permissions.

  3. Persistence (AML.T0021): Attacker uses the now-unguarded Settings/Team/Index page to create a backdoor administrator account, ensuring continued access independent of the original compromised credentials.

  4. Impact (AML.T0048.000): Attacker deletes legitimate administrator accounts to lock out defenders, then exfiltrates order and user data, manipulates AI pipeline configurations, or causes financial harm via the fully compromised panel.

What systems are affected?

Package: Panel (composer)
Vulnerable range: < 2.8.0
Patched: 2.8.0
Package profile: 5.7K, OpenSSF 6.5, 479 dependents, pushed 3d ago, 90% patched, ~4d to patch


How severe is it?

CVSS 3.1: 9.9 / 10
EPSS: 0.0% chance of exploitation in 30 days (higher than 11% of all CVEs)
Exploitation Status: No known exploitation
Sophistication: Trivial

What is the attack surface?

Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Changed
Confidentiality (C): High
Integrity (I): High
Availability (A): High

What should I do?

5 steps
  1. Patch immediately: upgrade shopper/framework to 2.8.0, which adds mount() authorization to Settings/Team/Index and corrects the view_users permission gate on write actions in Settings/Team/RolePermission.

  2. Audit current team membership: diff current roles and user list against a known-good baseline to detect unauthorized role assignments or unrecognized admin accounts created during the exposure window.

  3. Review access logs for Settings/Team/* endpoints for suspicious activity from low-privilege accounts — specifically role creation events and user deletion events.

  4. Until patched, restrict network access to the admin panel to trusted IP ranges or VPN to reduce the network-accessible attack surface.

  5. Rotate all admin credentials post-patch as a precaution if low-privilege accounts had access during the exposure window.
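The audit in steps 2 and 3 can be scripted. The PHP below is an added example, not Shopper's own tooling: it diffs a current user-to-permission map against a known-good baseline (flagging escalated permissions, accounts that appeared, and accounts that vanished) and then scans access-log lines for write requests to Settings/Team paths from accounts that did not hold manage_users in the baseline. The permission names come from the advisory; the baseline, current state and log format are constructed for the example, and a PHP 8 runtime is assumed.

```php
<?php
// Added example (not Shopper's code): audit role assignments and team-settings
// writes after the exposure window. All data below is constructed.
declare(strict_types=1);

// Known-good baseline captured before the exposure window (constructed).
const BASELINE = [
    'alice' => ['manage_users', 'edit_orders', 'view_users'],
    'bob'   => ['view_users'],
];

// Current state exported from the panel (constructed): bob gained write
// permissions, an unknown account appeared, and alice is gone.
const CURRENT = [
    'bob'        => ['view_users', 'manage_users', 'edit_orders'],
    'svc-backup' => ['manage_users'],
];

// Report permission escalations, new accounts and removed accounts.
function diffRoles(array $baseline, array $current): array
{
    $findings = [];
    foreach ($current as $user => $perms) {
        if (!isset($baseline[$user])) {
            $findings[] = "NEW ACCOUNT: $user holds [" . implode(', ', $perms) . ']';
            continue;
        }
        $added = array_diff($perms, $baseline[$user]);
        if ($added !== []) {
            $findings[] = "ESCALATED: $user gained [" . implode(', ', $added) . ']';
        }
    }
    foreach (array_keys(array_diff_key($baseline, $current)) as $user) {
        $findings[] = "REMOVED ACCOUNT: $user";
    }
    return $findings;
}

// Constructed access-log lines: "<timestamp> <user> <method> <path> <status>".
const LOG_LINES = [
    '2026-05-30T09:00:00Z alice GET /admin/settings/team/index 200',
    '2026-05-30T10:01:02Z bob POST /admin/settings/team/role-permission 200',
    '2026-05-30T10:01:40Z bob POST /admin/settings/team/index 200',
    '2026-05-30T10:02:05Z bob DELETE /admin/settings/team/index 200',
];

// Flag write requests to Settings/Team/* from accounts that, per the baseline,
// never held manage_users. Reads (GET) and baseline admins are not flagged.
function suspiciousTeamWrites(array $lines, array $baseline): array
{
    $hits = [];
    foreach ($lines as $line) {
        $parts = explode(' ', $line);
        if (count($parts) < 5) {
            continue; // malformed line, skip rather than guess
        }
        [, $user, $method, $path] = $parts;
        $isWrite   = in_array($method, ['POST', 'PUT', 'PATCH', 'DELETE'], true);
        $isTeam    = str_contains(strtolower($path), '/settings/team/');
        $hadManage = in_array('manage_users', $baseline[$user] ?? [], true);
        if ($isWrite && $isTeam && !$hadManage) {
            $hits[] = $line;
        }
    }
    return $hits;
}

foreach (diffRoles(BASELINE, CURRENT) as $finding) {
    echo "[roles] $finding\n";
}
foreach (suspiciousTeamWrites(LOG_LINES, BASELINE) as $hit) {
    echo "[log] $hit\n";
}
```

Run it as a one-off CLI script after exporting the real user/permission map and log excerpt into the two constants. One caveat when adapting the log scan: if the panel dispatches component actions through a single framework endpoint rather than per-page paths, web-server logs alone will not tell a role-creation call apart from a page load, so the write actions themselves should emit an application-level audit event (actor, target user, permission granted or account deleted) that this kind of scan can consume.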

What does CISA's SSVC say?

Decision: Track
Exploitation: none
Automatable: No
Technical Impact: total

Source: CISA Vulnrichment (SSVC v2.0). Decision based on the CISA Coordinator decision tree.

How is it classified?

Which compliance frameworks are affected?

This CVE is relevant to:

EU AI Act: Article 9 - Risk Management System
ISO 42001: A.6.1.2 - User Access Management
NIST AI RMF: GOVERN 1.7 - Processes for Organizational Accountability
OWASP LLM Top 10: LLM06:2025 - Excessive Agency

Frequently Asked Questions

What is CVE-2026-47744?

CVE-2026-47744 affects the Shopper headless e-commerce admin panel, where two chained authorization defects in team settings allow any low-privilege authenticated user to seize full administrator control and expel legitimate admins from the system. The first flaw skips authorization entirely on the team index page; the second gates privilege-write operations on the read-only view_users permission, meaning any account holding that permission can grant itself or others full manage_users access — a complete RBAC collapse. With 475 downstream dependents and a CVSS of 9.9, any AI/ML pipeline or e-commerce deployment built on this framework is exposed to full administrative compromise with nothing more than a valid low-tier account. Despite a low absolute EPSS (0.036%), the CVE ranks in the 89th percentile for exploitation likelihood and the attack requires only knowledge of two vulnerable endpoints — no exploit tooling needed. Patch immediately to Shopper 2.8.0; there is no known workaround short of the fix shipped in that release.

Is CVE-2026-47744 actively exploited?

No confirmed active exploitation of CVE-2026-47744 has been reported, but organizations should still patch proactively.

How to fix CVE-2026-47744?

  1. Patch immediately: upgrade shopper/framework to 2.8.0, which adds mount() authorization to Settings/Team/Index and corrects the view_users permission gate on write actions in Settings/Team/RolePermission.

  2. Audit current team membership: diff current roles and user list against a known-good baseline to detect unauthorized role assignments or unrecognized admin accounts created during the exposure window.

  3. Review access logs for Settings/Team/* endpoints for suspicious activity from low-privilege accounts, specifically role creation events and user deletion events.

  4. Until patched, restrict network access to the admin panel to trusted IP ranges or VPN to reduce the network-accessible attack surface.

  5. Rotate all admin credentials post-patch as a precaution if low-privilege accounts had access during the exposure window.

What systems are affected by CVE-2026-47744?

This vulnerability affects the following AI/ML architecture patterns: ML admin interfaces, AI-driven e-commerce platforms, Data annotation pipeline management panels, Model lifecycle management dashboards.

What is the CVSS score for CVE-2026-47744?

CVE-2026-47744 has a CVSS v3.1 base score of 9.9 (CRITICAL). The EPSS exploitation probability is 0.04%.

What is the AI security impact?

Affected AI Architectures

ML admin interfaces
AI-driven e-commerce platforms
Data annotation pipeline management panels
Model lifecycle management dashboards

MITRE ATLAS Techniques

AML.T0012 Valid Accounts
AML.T0048.000 Financial Harm
AML.T0049 Exploit Public-Facing Application

Compliance Controls Affected

EU AI Act: Article 9
ISO 42001: A.6.1.2
NIST AI RMF: GOVERN 1.7
OWASP LLM Top 10: LLM06:2025

What are the technical details?

Original Advisory

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, two distinct authorization defects in the team settings allowed any authenticated panel user to take over the RBAC system. Settings/Team/Index had no mount() authorization. Any authenticated user could load the page and use its public actions to create new roles and delete other users, including administrators. Settings/Team/RolePermission gated its write actions on the read-only view_users permission. Any user holding view_users could grant themselves or any other user arbitrary permissions, including manage_users and edit_orders, effectively escalating to full panel administrator from a read-only account. Combined, these two defects allow a low-privilege authenticated user to obtain administrator privileges and remove the legitimate administrators from the panel. This vulnerability is fixed in 2.8.0.
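To make the two defect classes concrete, here is an added example in Laravel/Livewire PHP. It is illustrative code written for this page, not Shopper's own components or its fix: each vulnerable component is shown beside a hardened form. It assumes Laravel's Gate facade with the advisory's permission names (view_users, manage_users, edit_orders) registered as abilities, and hypothetical App\Models\User and App\Models\Role models with a Spatie-style givePermissionTo() method; view rendering is omitted.

```php
<?php
// Added example, not Shopper's code. Illustrates the advisory's two defect
// classes and a hardened form of each. Assumptions: Laravel Gate abilities
// named view_users / manage_users, hypothetical User and Role models, and a
// Spatie-style User::givePermissionTo(). Views omitted for brevity.
declare(strict_types=1);

namespace App\Livewire\Settings\Team;

use App\Models\Role;
use App\Models\User;
use Illuminate\Support\Facades\Gate;
use Livewire\Component;

// Defect class 1: mount() performs no authorization. Livewire exposes every
// public method to the client, so the write actions below are callable by any
// authenticated user regardless of which buttons the page renders.
class IndexVulnerable extends Component
{
    public function mount(): void
    {
        // No check: any logged-in user may load the page and invoke its actions.
    }

    public function createRole(string $name): void
    {
        Role::create(['name' => $name]);
    }

    public function deleteUser(int $userId): void
    {
        User::findOrFail($userId)->delete();
    }
}

// Hardened: authorize when the component mounts AND inside every write action.
// The mount() check keeps unauthorized users off the page; the per-action
// checks stop direct method invocations that never go through the UI.
class IndexHardened extends Component
{
    public function mount(): void
    {
        Gate::authorize('manage_users');
    }

    public function createRole(string $name): void
    {
        Gate::authorize('manage_users');
        Role::create(['name' => $name]);
    }

    public function deleteUser(int $userId): void
    {
        Gate::authorize('manage_users');
        User::findOrFail($userId)->delete();
    }
}

// Defect class 2: a write action gated on a read-only permission. Anyone who
// may list users may also hand out manage_users, to themselves included.
class RolePermissionVulnerable extends Component
{
    public function grant(int $userId, string $permission): void
    {
        Gate::authorize('view_users'); // read permission guarding a write
        User::findOrFail($userId)->givePermissionTo($permission);
    }
}

// Hardened: reading the page requires view_users; changing anyone's
// permissions requires manage_users, checked inside the action itself.
class RolePermissionHardened extends Component
{
    public function mount(): void
    {
        Gate::authorize('view_users');
    }

    public function grant(int $userId, string $permission): void
    {
        Gate::authorize('manage_users');
        User::findOrFail($userId)->givePermissionTo($permission);
    }
}
```

The design point the hardened versions make is that a mount() check alone is not sufficient for a component with write actions, and a permission check is only meaningful if it names the privilege the action actually exercises: a read ability such as view_users must never be the sole gate on a method that creates roles, grants permissions or deletes accounts.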

Exploitation Scenario

An adversary with a low-privilege Shopper panel account (e.g., a contractor holding only view_users access) navigates to Settings/Team/RolePermission and issues a write request to grant their account manage_users privileges. Because the endpoint checks only the read-only view_users flag rather than a write-authorized permission, the escalation succeeds silently. The attacker then uses their elevated rights to create a backdoor administrator account via the unguarded Settings/Team/Index page. Finally, they delete the legitimate administrator accounts to prevent recovery, gaining persistent exclusive control over the panel, its order data, and any AI/ML pipeline managed through it — all within a single authenticated session with no exploit tooling required.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Timeline

Published: May 29, 2026
Last Modified: June 5, 2026
First Seen: May 29, 2026

Related Vulnerabilities