{"uuid": "3beb0c21-6e0e-4f1d-94fe-0a72cdd71645", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-54390", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116772530635095713", "content": "CRITICAL: CVE-2026-54390 in JTL Shop (5.2.0 \u2013 5.7.1) enables unauthenticated template injection. Attackers can extract secrets; RCE possible in 5.4.0+. No patch yet \u2014 restrict access & monitor logs. https://radar.offseq.com/threat/cve-2026-54390-improper-neutralization-of-special--56e42e7fa37d20ee #OffSeq #CVE202654390 #infosec #websecurity", "creation_timestamp": "2026-06-18T18:30:17.105039Z"}