CVE-2026-2165 · CRITICAL 9.8 · EPSS p42.7%

Description

A weakness has been identified in detronetdip E-commerce 1.0.0. Impacted is an unknown function of the file /Admin/assets/backend/seller/add_seller.php of the component Account Creation Endpoint. Executing a manipulation of the argument email can lead to missing authentication. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.57% probability of exploitation · percentile 42.7% · 2026-06-18T12:00:27Z
Published: 2026-02-08
Last modified: 2026-04-29

Underlying weaknesses · 2

CWE-287, CWE-306

References

  1. https://github.com/Nixon-H/Unauthenticated-Admin-Account-Creation
  2. https://github.com/detronetdip/E-commerce/
  3. https://github.com/detronetdip/E-commerce/issues/23
  4. https://vuldb.com/?ctiid.344867
  5. https://vuldb.com/?id.344867
  6. https://vuldb.com/?submit.751857

Type | Target | Confidence | Tier
Weakness | Improper Authentication cwe-287 | 0% | live
Weakness | Missing Authentication for Critical Function cwe-306 | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE: CVE-2026-2164
CVE: CVE-2025-15582
CVE: CVE-2025-11511
CVE: CVE-2025-11036
CVE: CVE-2026-2225
CVE: CVE-2025-10616

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.