CVE-2026-26218 · CRITICAL 9.8 · EPSS p28.4%

Description

newbee-mall includes pre-seeded administrator accounts in its database initialization script. These accounts are provisioned with a predictable default password. Deployments that initialize or reset the database using the provided schema and fail to change the default administrative credentials may allow unauthenticated attackers to log in as an administrator and gain full administrative control of the application.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.37% probability of exploitation · percentile 28.4% · 2026-06-18T12:00:27Z
Published: 2026-02-12
Last modified: 2026-02-25

Underlying weaknesses · 1

CWE-798

References

  1. https://github.com/newbee-ltd/newbee-mall/issues/119
  2. https://www.vulncheck.com/advisories/newbee-mall-default-seeded-administrator-credentials-allow-account-takeover

Type | Target | Confidence | Tier
Weakness | Use of Hard-coded Credentials (cwe-798) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2026-26219
CVE-2026-41930
CVE-2025-64281
CVE-2026-29861
CVE-2025-67418
CVE-2025-1956

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.