What is the CVSS score of CVE-2026-26219?

CVE-2026-26219 has a CVSS 3.1 base score of 9.1 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N. EPSS exploitation probability: 0.0%.

Which versions of Newbee Mall are affected by CVE-2026-26219?

A critical vulnerability in newbee-mall allows attackers to compromise user passwords through weak MD5 hashing without salt protection.

Is there a public PoC exploit available for CVE-2026-26219?

Yes, a public proof-of-concept exploit is available for CVE-2026-26219. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2026-26219?

Within 24 hours: Inventory all systems running newbee-mall and assess exposure scope; enable enhanced monitoring for suspicious authentication activity. Within 7 days: Implement network segmentation to restrict newbee-mall access; deploy Web Application Firewall (WAF) rules to detect brute force attacks; conduct password audit for exposed credentials. Within 30 days: Migrate to alternative solution with modern password hashing (bcrypt/Argon2) or force user password reset after deploying compensating controls; implement multi-factor authentication.

Newbee Mall CVE-2026-26219

CRITICAL

Use of a Broken or Risky Cryptographic Algorithm (CWE-327)

2026-02-12 disclosure@vulncheck.com

Information Disclosure Newbee Mall

9.1

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

9.1 CRITICAL

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:02 vuln.today

PoC Detected

Feb 25, 2026 - 16:40 vuln.today

Public exploit code

CVE Published

Feb 12, 2026 - 19:15 nvd

CRITICAL 9.1

DescriptionCVE.org

newbee-mall stores and verifies user passwords using an unsalted MD5 hashing algorithm. The implementation does not incorporate per-user salts or computational cost controls, enabling attackers who obtain password hashes through database exposure, backup leakage, or other compromise vectors to rapidly recover plaintext credentials via offline attacks.

AnalysisAI

Unsalted MD5 password hashing in newbee-mall. Combined with hardcoded credentials (CVE-2026-26218), passwords are trivially crackable. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Obtain database containing MD5 password hashes

Exploit

Perform offline dictionary/brute-force attack

Execution

Recover plaintext passwords

Impact

Authenticate as compromised users

Access

Obtain database containing MD5 password hashes

Exploit

Perform offline dictionary/brute-force attack

Execution

Recover plaintext passwords

Impact

Authenticate as compromised users

Vulnerability AssessmentAI

Exploitation	Database access or backup containing newbee-mall user password hashes. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	CVSS 9.1. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	After database access (via SQLi or default creds), all user passwords are cracked instantly via MD5 rainbow tables.
Remediation	Migrate to bcrypt/argon2 with per-user salts. Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all systems running newbee-mall and assess exposure scope; enable enhanced monitoring for suspicious authentication activity. …

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-26219 vulnerability details – vuln.today

Back

Newbee Mall CVE-2026-26219

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Unlock full vulnerability intelligence

Attack ChainAIDerived

Vulnerability AssessmentAI

Recommended ActionAI

Share

External POC / Exploit Code