CVE-2026-26219

Critical CVSS: 9.3

newbee-mall stores and verifies user passwords using an unsalted MD5 hashing algorithm. The implementation does not incorporate per-user salts or computational cost controls, enabling attackers who obtain password hashes through database exposure, backup leakage, or other compromise vectors to rapidly recover plaintext credentials via offline attacks.

Vendor

Newbee-mall Project

Product

Newbee-mall

CWE

CWE-327

Yayın Tarihi

2026-02-12 19:15:52

Güncelleme

2026-02-25 16:40:13

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-327 Newbee-mall CRITICAL Newbee-mall Project 2026

Referanslar

https://github.com/newbee-ltd/newbee-mall/issues/119 https://www.vulncheck.com/advisories/newbee-mall-unsalted-md5-password-hashing-enables-offline-credential-cracking

Benzer Kayıtlar

Critical

CVE-2026-26218

newbee-mall includes pre-seeded administrator accounts in its database initialization script. These accounts are provisi…

Medium

CVE-2025-10423

A vulnerability was found in newbee-mall 1.0. Impacted is the function mallKaptcha of the file /common/mall/kaptcha. The…

Medium

CVE-2025-10422

A vulnerability has been found in newbee-mall up to 613a662adf1da7623ec34459bc83e3c1b12d8ce7. This issue affects the fun…

Medium

CVE-2025-4259

A vulnerability has been found in newbee-mall 1.0 and classified as critical. Affected by this vulnerability is the func…

Medium

CVE-2025-1114

A vulnerability classified as problematic has been found in newbee-mall 1.0. Affected is the function save of the file /…