CVE ID: CVE-2026-0750
Vulnerability Type: Signature Forgery
Affected Component: Commerce Paybox in Drupal 7
Affected Versions: >=7.1.0 <=7.1.5
Fixed in: Commerce Paybox NES version 7.1.6
Project Page: http://drupal.org/project/commerce_paybox
Risk: High-severity vulnerability
Impact:
- Data tampering
- Unauthorized access
- Identity spoofing
- Malware injection
- Trust erosion
- System compromise
Issue Description: Found a signature forgery vulnerability in the Commerce Paybox module, which can be exploited for various malicious activities.
Fix Description: Added signature verification using the Paybox public key on the offsite return.
Mitigation: Disable the Paybox payment method from checkout, restrict callback endpoints, add temporary reverse-proxy rules, or disable the module and patch it.
Credit: Discovered by David Hernández (defr)
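The Fix Description above names signature verification with the gateway's public key on the offsite return. The sketch below is an added example of a fail-closed check of that kind, not the module's own code. The function name, the `sign` parameter name, the RSA/SHA-1 choice and the "signature is the last parameter, base64 then URL-encoded" layout are assumptions and do not come from this advisory.

```php
<?php
// Added illustration; function name, the `sign` parameter and the sample
// values are hypothetical and constructed for this example.

// Returns TRUE only when the return query string carries a valid signature.
// Assumed layout: the signature is the last parameter and covers the raw
// bytes that precede it.
function example_return_is_authentic($raw_query, $public_key_pem, $sig_param = 'sign') {
  $marker = '&' . $sig_param . '=';
  $pos = strrpos($raw_query, $marker);
  if ($pos === FALSE) {
    return FALSE; // Unsigned returns are rejected, never treated as paid.
  }
  $signed_data = substr($raw_query, 0, $pos);
  $encoded = substr($raw_query, $pos + strlen($marker));
  if (strpos($encoded, '&') !== FALSE) {
    return FALSE; // Parameters appended after the signature are not covered.
  }
  $signature = base64_decode(rawurldecode($encoded), TRUE);
  $key = openssl_pkey_get_public($public_key_pem);
  if ($signature === FALSE || $signature === '' || $key === FALSE) {
    return FALSE;
  }
  // openssl_verify() returns 1 (valid), 0 (invalid) or -1/false (error).
  // -1 is truthy in PHP, so compare strictly against 1 to fail closed.
  return openssl_verify($signed_data, $signature, $key, OPENSSL_ALGO_SHA1) === 1;
}

// Constructed demo: a throwaway key pair stands in for the gateway's key.
$pair = openssl_pkey_new(array(
  'private_key_bits' => 2048,
  'private_key_type' => OPENSSL_KEYTYPE_RSA,
));
$details = openssl_pkey_get_details($pair);
$data = 'amount=1500&ref=order-42&error=00000';
openssl_sign($data, $sig, $pair, OPENSSL_ALGO_SHA1);
$query = $data . '&sign=' . rawurlencode(base64_encode($sig));

var_dump(example_return_is_authentic($query, $details['key']));
var_dump(example_return_is_authentic(str_replace('amount=1500', 'amount=1', $query), $details['key']));
var_dump(example_return_is_authentic($data, $details['key']));
```

The three calls exercise a correctly signed return, the same return with the amount altered, and a return with no signature at all; an order should be marked paid only on the first path.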