Skip to main content

Redeight CMS CVE-2026-53692

| EUVDEUVD-2026-40294 MEDIUM
Weak Encoding for Password (CWE-261)
2026-06-30 CERT-PL GHSA-92mj-xr7p-2g9c
5.9
CVSS 4.0 · Vendor: CERT-PL
Share

Severity by source

Vendor (CERT-PL) PRIMARY
5.9 MEDIUM
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
6.2 MEDIUM

AV:L because cracking occurs on the attacker's local system using obtained hashes; AC:L and PR:N since rainbow table attacks require no privileges and trivial tooling; no integrity or availability impact applies.

3.1 AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
4.0 AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (CERT-PL).

CVSS VectorVendor: CERT-PL

CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

1
Analysis Generated
Jun 30, 2026 - 12:18 vuln.today

DescriptionCVE.org

Redeight CMS version 1.0 uses the MD5 algorithm without a salt to store user passwords. Because MD5 is a cryptographically broken algorithm and lacks salting, attackers who obtain the password hashes can trivially reverse them using rainbow tables, leading to the exposure of plaintext credentials.

AnalysisAI

Redeight CMS 1.0 stores user passwords using unsalted MD5 hashes, enabling any attacker who obtains the credential database to recover plaintext passwords nearly instantaneously via precomputed rainbow tables. All stored credentials are effectively exposed upon database compromise, since MD5 is cryptographically broken and the absence of per-user salts eliminates hash uniqueness across identical passwords. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify database access vector on target
Delivery
Extract users table containing MD5 hashes
Exploit
Apply rainbow table or hashcat offline cracking
Execution
Recover plaintext credentials
Persist
Authenticate as compromised users
Impact
Escalate or pivot via credential reuse

Vulnerability AssessmentAI

Exploitation Exploitation requires that the attacker has already obtained the Redeight CMS password hash database through a separate attack vector - such as SQL injection, directory traversal to an exposed database backup, misconfigured database permissions, or direct database server compromise. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 vector (AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N - score 5.9) accurately frames the attack surface: the hash-cracking phase is local to the attacker's environment, but the AT:P metric is critical - it acknowledges that a prerequisite attack condition must be satisfied (possession of the hash database). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker exploits a separate vulnerability in Redeight CMS - such as SQL injection or an exposed database backup file - to extract the users table containing MD5 password hashes. Using freely available tooling such as hashcat with precomputed rainbow tables, or online MD5 reversal services, the attacker recovers plaintext passwords for the majority of accounts within minutes. …
Remediation No vendor-released patch has been identified at time of analysis. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-53692 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy