THREAT OPS › Threat News › [GHSA] GHSA-m5f5-28qr-9g9r (critical) — prestashop/ps_facetedsearch: PHP Object Injection in faceted search cache allows unauthenticated RCE
[GHSA] GHSA-m5f5-28qr-9g9r (critical) — prestashop/ps_facetedsearch: PHP Object Injection in faceted search cache allows unauthenticated RCE
GHSA-m5f5-28qr-9g9r Severity: critical CVE: CVE-2026-54159
prestashop/ps_facetedsearch: PHP Object Injection in faceted search cache allows unauthenticated RCE
### Impact
A PHP Object Injection vulnerability affects the PrestaShop module `ps_facetedsearch`.
The module rebuilds the selected search filters from the request URL. The value of a slider filter (**price** or **weight**) is taken from
Indicators of compromise
- CVE-2026-54159cve
Original source: https://github.com/advisories/GHSA-m5f5-28qr-9g9r