[MEDIUM] Craft Commerce: Coupon Code Brute-Force via Rate Limit Bypass

PKSA-8pd1-kqxv-12wq CVE-2026-55795 GHSA-h5gm-x9wr-vhcm

Affected package: craftcms/commerce

Affected version: >=4.0.0,<=4.11.1|>=5.0.0,<=5.6.4

Reported by:
GitHub