CVE-2026-26218

CRITICAL
2026-02-12 [email protected]
9.8
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Analysis Generated
Mar 12, 2026 - 22:02 vuln.today
PoC Detected
Feb 25, 2026 - 16:41 vuln.today
Public exploit code
CVE Published
Feb 12, 2026 - 19:15 nvd
CRITICAL 9.8

Tags

Authentication Bypass Newbee Mall

Description

newbee-mall includes pre-seeded administrator accounts in its database initialization script. These accounts are provisioned with a predictable default password. Deployments that initialize or reset the database using the provided schema and fail to change the default administrative credentials may allow unauthenticated attackers to log in as an administrator and gain full administrative control of the application.

Analysis

Hardcoded admin credentials in newbee-mall e-commerce platform database initialization script. PoC available.

Sign in for full analysis, threat intelligence, and remediation guidance.

Remediation

Within 24 hours: Audit all newbee-mall instances to identify deployment scope and immediately change all administrator account passwords to complex, unique credentials. Within 7 days: Implement network access controls restricting administrative interfaces to authorized personnel only and enable detailed logging of administrative actions. …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

69
Low Medium High Critical
KEV: 0
EPSS: +0.1
CVSS: +49
POC: +20

Share

CVE-2026-26218 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy