CVE-2026-26219 - Vulnerability Analysis
Critical | CVSS: 9.1 | Last Updated: February 13, 2026
newbee-mall - Weak Cryptography
Overview
newbee-mall contains a weak cryptography vulnerability: user passwords are stored as unsalted MD5 hashes with no computational cost controls. An attacker with access to the password hashes can rapidly recover plaintext credentials. Exploitation requires the attacker to first obtain the password hashes.
Impact
Attackers can quickly recover user passwords from hashes, leading to account compromise and potential further system access.
Mitigation
Update password storage to use salted, computationally expensive hashing algorithms like bcrypt or Argon2.
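An added example of the mitigation above (not newbee-mall's code): the unsalted MD5 scheme beside salted PBKDF2-HMAC-SHA256, with a login check that re-hashes a legacy record once the password has been verified. PBKDF2 stands in for bcrypt or Argon2 because it ships in the Python standard library; the function names, record format, iteration count and the 32-lowercase-hex shape of legacy records are assumptions.

```python
import hashlib
import hmac
import os
import re

ITERATIONS = 600_000  # assumed work factor; tune to your hardware
LEGACY_MD5 = re.compile(r"[0-9a-f]{32}")  # assumed legacy record shape


def legacy_md5(password: str) -> str:
    """Weak scheme from the advisory: unsalted MD5, no work factor."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Salted PBKDF2-HMAC-SHA256 as scheme$iterations$salt$digest."""
    salt = os.urandom(16)  # fresh random salt per record
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_and_upgrade(password: str, stored: str):
    """Return (ok, replacement); replacement is a new record to persist
    when a legacy MD5 hash verified, otherwise None."""
    if LEGACY_MD5.fullmatch(stored):
        ok = hmac.compare_digest(legacy_md5(password), stored)
        return ok, (hash_password(password) if ok else None)
    try:
        scheme, iters, salt_hex, digest_hex = stored.split("$")
        if scheme != "pbkdf2_sha256":
            return False, None
        expected = bytes.fromhex(digest_hex)
        actual = hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"),
            bytes.fromhex(salt_hex), int(iters))
    except ValueError:
        return False, None  # malformed record: fail closed
    return hmac.compare_digest(actual, expected), None


if __name__ == "__main__":
    # Constructed sample: two users sharing one password.
    print(legacy_md5("hunter2") == legacy_md5("hunter2"))  # identical hashes
    print(hash_password("hunter2") == hash_password("hunter2"))  # differ
    ok, upgraded = verify_and_upgrade("hunter2", legacy_md5("hunter2"))
    print(ok, upgraded.split("$")[:2])
```

With unsalted MD5, every account that shares a password shares a hash, so one recovered value exposes all of them; the salted records differ per account and each guess costs the full iteration count.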
Social Media Activity (2 posts)
CVE-2026-26219 (CRITICAL): newbee-mall 1.0.0 uses unsalted MD5 for password storage - enabling fast offline attacks if hashes leak. Upgrade to secure hashing (Argon2, bcrypt, PBKDF2) ASAP! https://radar.offseq.com/threat/cve-2026-26219-cwe-327-use-of-a-broken-or-risky-cr-46123275 #OffSeq #infosec #vuln #ecommerce
CVE-2026-26219 - Critical (9.1) newbee-mall stores and verifies user passwords using an unsalted MD5 hashing algorithm. The implementation does not incorporate per-user salts or computational cost controls, enabling attackers who obtain password hashes through database exposure,... https://www.thehackerwire.com/vulnerability/CVE-2026-26219/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
Details
- CVE ID: CVE-2026-26219
- Severity: Critical
- CVSS Score: 9.1
- Type: weak_cryptography
- Status: unconfirmed
- EPSS: 2.1%
- Social Posts: 2
CWE
- CWE-327
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N