Home / Vulnerability Intelligence / CVE-2026-26218

CVE-2026-26218 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: February 13, 2026

newbee-mall - Authentication Bypass

Published: February 12, 2026Updated: February 13, 2026Remote Exploitable

Overview

newbee-mall contains a broken authentication vulnerability caused by pre-seeded administrator accounts with predictable default passwords in the database initialization script, letting unauthenticated attackers gain full administrative control, exploit requires unchanged default credentials.

Severity & Score

Severity: Critical

CVSS Score: 9.8

EPSS Score: 7.4%(Probability of exploitation in next 30 days)

Impact

Unauthenticated attackers can log in as administrators and gain full control of the application.

Mitigation

Change default administrative credentials immediately after deployment or update to a version that removes default accounts.

References

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Feb 12, 2026

🔴 CVE-2026-26218 - Critical (9.8) newbee-mall includes pre-seeded administrator accounts in its database initialization script. These accounts are provisioned with a predictable default password. Deployments that initialize or reset the database using the provided schema and fail ... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-26218/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-26218
Severity: Critical
CVSS Score: 9.8
Type: broken_authentication
Status: unconfirmed
EPSS: 7.4%
Social Posts: 1

CWE

CWE-798

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

7.4%Probability of exploitation in the next 30 days