CVE-2026-26218

Critical CVSS: 9.3

newbee-mall includes pre-seeded administrator accounts in its database initialization script. These accounts are provisioned with a predictable default password. Deployments that initialize or reset the database using the provided schema and fail to change the default administrative credentials may allow unauthenticated attackers to log in as an administrator and gain full administrative control of the application.

Vendor

Newbee-mall Project

Product

Newbee-mall

CWE

CWE-798

Yayın Tarihi

2026-02-12 19:15:52

Güncelleme

2026-02-25 16:41:25

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-798 Newbee-mall CRITICAL Newbee-mall Project 2026

Referanslar

https://github.com/newbee-ltd/newbee-mall/issues/119 https://www.vulncheck.com/advisories/newbee-mall-default-seeded-administrator-credentials-allow-account-takeover

Benzer Kayıtlar

Critical

CVE-2026-26219

newbee-mall stores and verifies user passwords using an unsalted MD5 hashing algorithm. The implementation does not inco…

Medium

CVE-2025-10423

A vulnerability was found in newbee-mall 1.0. Impacted is the function mallKaptcha of the file /common/mall/kaptcha. The…

Medium

CVE-2025-10422

A vulnerability has been found in newbee-mall up to 613a662adf1da7623ec34459bc83e3c1b12d8ce7. This issue affects the fun…

Medium

CVE-2025-4259

A vulnerability has been found in newbee-mall 1.0 and classified as critical. Affected by this vulnerability is the func…

Medium

CVE-2025-1114

A vulnerability classified as problematic has been found in newbee-mall 1.0. Affected is the function save of the file /…