CVE-2026-40887 Blast Radius

CRITICAL • CVSS 9.1Vendure is an open-source headless commerce platform. Starting in version 1.7.4 and prior to versions 2.3.4, 3.5.7, and 3.6.2, an unauthenticated SQL

Is Your Infrastructure Using These Packages?

EchelonGraph automatically scans your cloud infrastructure and SBOMs to map your exposure to vulnerabilities like CVE-2026-40887.

Start Free Scan →← Back to CVE-2026-40887