CVE 9.3 CRITICAL

newbee-mall Default Seeded Administrator Credentials Allow Account Takeover_CVE-2026-26218

February 12, 2026 invoker category_cve

9.3 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

newbee-mall includes pre-seeded administrator accounts in its database initialization script. These accounts are provisioned with a predictable default password. Deployments that initialize or reset the database using the provided schema and fail to change the default administrative credentials may allow unauthenticated attackers to log in as an administrator and gain full administrative control of the application.

AI Analysis

Default seeded administrator credentials in newbee-mall allow account takeover

Basic Information

ID CVE-2026-26218

Source VulnCheck

Published Feb 12, 2026 at 18:38

Modified Feb 12, 2026 at 18:42

Affected Product

Vendor newbee-ltd

Product newbee-mall

Version 1.0.0

Affected Versions newbee-ltd newbee-mall 1.0.0

CWE Classification

CWE-798

AI Assessment

AI Score 9.3 / 10

AI Severity Critical

Vendor newbee-ltd

Product newbee-mall

Version 1.0.0

References

{
    "lastseen": "",
    "description": "newbee-mall includes pre-seeded administrator accounts in its database initialization script. These accounts are provisioned with a predictable default password. Deployments that initialize or reset the database using the provided schema and fail to change the default administrative credentials may allow unauthenticated attackers to log in as an administrator and gain full administrative control of the application.",
    "published": "2026-02-12T18:38:40.357Z",
    "modified": "2026-02-12T18:42:47.926Z",
    "type": "cve",
    "title": "newbee-mall Default Seeded Administrator Credentials Allow Account Takeover",
    "source": "VulnCheck",
    "references": "https://github.com/newbee-ltd/newbee-mall/issues/119\nhttps://www.vulncheck.com/advisories/newbee-mall-default-seeded-administrator-credentials-allow-account-takeover",
    "id": "CVE-2026-26218",
    "bulletinFamily": "",
    "cwe": [
        "CWE-798"
    ],
    "cvelist": null,
    "sourceData": "newbee-ltd newbee-mall 1.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "newbee-mall",
    "version": "1.0.0",
    "vendor": "newbee-ltd",
    "ai_description": "Default seeded administrator credentials in newbee-mall allow account takeover",
    "ai_severity": "Critical",
    "ai_vendor": "newbee-ltd",
    "ai_product": "newbee-mall",
    "ai_version": "1.0.0",
    "ai_score": 9.3
}

💭 Join the Security Discussion ❌ Cancel Reply