CVE-2026-26219

Exploit

EPSS 0.02%
Veröffentlicht 12.02.2026 18:39:50
Zuletzt bearbeitet 25.02.2026 16:40:13
Quelle disclosure@vulncheck.com
CVE-Watchlists
Login
Unerledigt
Login

newbee-mall stores and verifies user passwords using an unsalted MD5 hashing algorithm. The implementation does not incorporate per-user salts or computational cost controls, enabling attackers who obtain password hashes through database exposure, backup leakage, or other compromise vectors to rapidly recover plaintext credentials via offline attacks.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Newbee-mall Project ≫ Newbee-mall Version <= 1.0.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.033

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
disclosure@vulncheck.com	9.1	3.9	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
disclosure@vulncheck.com	9.3	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-327 Use of a Broken or Risky Cryptographic Algorithm

The product uses a broken or risky cryptographic algorithm or protocol.

https://github.com/newbee-ltd/newbee-mall/issues/119

Vendor Advisory

Exploit

Issue Tracking

https://www.vulncheck.com/advisories/newbee-mall-unsalted-md5-password-hashing-enables-offline-credential-cracking

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2026-26219

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-26219

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-26219

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-26219