CRITICAL🇵🇱 Wersja polska

CVE-2026-26218

CVSS 9.3v4.0pub. 2026-02-12upd. 2026-02-25

newbee-mall includes pre-seeded administrator accounts in its database initialization script. These accounts are provisioned with a predictable default password. Deployments that initialize or reset the database using the provided schema and fail to change the default administrative credentials may allow unauthenticated attackers to log in as an administrator and gain full administrative control of the application.

CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Newbee Mall Project Newbee Mall

    APP
    Newbee-Mall Project
    ≤ 1.0.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2026-26219CRITICAL9.3PL ✓ten sam produkt

Newbee-Mall: słabe hashowanie haseł (MD5 bez soli) umożliwia odzyskanie danych logowania

CVE-2022-27477CRITICAL9.8ten sam produkt

Newbee-Mall v1.0.0 was discovered to contain an arbitrary file upload via the Upload function at /admin/goods/...

CVE-2020-23448CRITICAL9.8ten sam produkt

newbee-mall all versions are affected by incorrect access control to remotely gain privileges through AdminLog...

CVE-2019-19113CRITICAL9.8ten sam produkt

main/resources/mapper/NewBeeMallGoodsMapper.xml in newbee-mall (aka New Bee) before 2019-10-23 allows search?g...

CVE-2024-48178HIGH8.1ten sam produkt

newbee-mall v1.0.0 is vulnerable to Server-Side Request Forgery (SSRF) via the goodsCoverImg parameter.

CVE-2026-26218 — Newbee-Mall Project — Newbee-Mall — CRITICAL — CVSS 9.3 | CVEbaza.pl