Incorrect Authorization vulnerability in Drupal Commerce Realex / Global Payments allows Forceful Browsing. This issue affects Commerce Realex / Global Payments versions: from 0.0.0 to 3.0.2.CreditsBill Seremetis (bserem)Alan Burke (alanburke)Bill Seremetis (bserem)Jaime Seuma (jaims-dev)Greg Knaddison (greggles)Drew Webber (mcdruid)Juraj Nemec (poker10)Referenceshttps://www.drupal.org/sa-contrib-2026-058