### Impact A PHP Object Injection vulnerability affects the PrestaShop module `ps_facetedsearch`. The module rebuilds the selected search filters from the request URL. The value of a slider filter (**price** or **weight**) is taken from the URL without sufficient validation, then stored in an internal filter-block cache where it is serialized and later read back with a raw native `unserialize()`
PHP
Exploit
CVE-2026-54159
GHSA
Update to v3.0.0