[HIGH] Craft Commerce hasVariant/hasProduct Blind SQL Injection

PKSA-nhg1-858f-sgm2 CVE-2026-32272 GHSA-r54v-qq87-px5r

Affected package: craftcms/commerce

Affected version: >=5.0.0,<5.6.0

Reported by:
GitHub