[LOW] Craft Commerce has an unauthenticated information disclosure that can leak some customer order data on anonymous payments

PKSA-tnb8-k5sw-yxmk CVE-2026-32270 GHSA-3vxg-x5f8-f5qf

Affected package: craftcms/commerce

Affected version: >=4.0.0,<=4.10.2|>=5.0.0,<=5.5.4

Reported by:
GitHub