[MEDIUM] Craft Commerce: Potential IDOR in Commerce carts

PKSA-c2xz-ckr6-6mky CVE-2026-31867 GHSA-vff3-pqq8-4cpq

Affected package: craftcms/commerce

Affected version: >=4.0.0,<4.11.0|>=5.0.0,<5.6.0

Reported by:
GitHub