CVE 9.3 CRITICAL

newbee-mall Unsalted MD5 Password Hashing Enables Offline Credential Cracking_CVE-2026-26219

February 12, 2026 invoker category_cve

9.3 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Description

newbee-mall stores and verifies user passwords using an unsalted MD5 hashing algorithm. The implementation does not incorporate per-user salts or computational cost controls, enabling attackers who obtain password hashes through database exposure, backup leakage, or other compromise vectors to rapidly recover plaintext credentials via offline attacks.

AI Analysis

Unsalted MD5 password hashing vulnerability allowing offline credential cracking

Basic Information

ID CVE-2026-26219

Source VulnCheck

Published Feb 12, 2026 at 18:39

Modified Feb 12, 2026 at 18:42

Affected Product

Vendor newbee-ltd

Product newbee-mall

Version 1.0.0

Affected Versions newbee-ltd newbee-mall 1.0.0

CWE Classification

CWE-327

AI Assessment

AI Score 9.3 / 10

AI Severity Critical

Vendor newbee-ltd

Product newbee-mall

Version 1.0.0

References

{
    "lastseen": "",
    "description": "newbee-mall stores and verifies user passwords using an unsalted MD5 hashing algorithm. The implementation does not incorporate per-user salts or computational cost controls, enabling attackers who obtain password hashes through database exposure, backup leakage, or other compromise vectors to rapidly recover plaintext credentials via offline attacks.",
    "published": "2026-02-12T18:39:50.267Z",
    "modified": "2026-02-12T18:42:30.669Z",
    "type": "cve",
    "title": "newbee-mall Unsalted MD5 Password Hashing Enables Offline Credential Cracking",
    "source": "VulnCheck",
    "references": "https://github.com/newbee-ltd/newbee-mall/issues/119\nhttps://www.vulncheck.com/advisories/newbee-mall-unsalted-md5-password-hashing-enables-offline-credential-cracking",
    "id": "CVE-2026-26219",
    "bulletinFamily": "",
    "cwe": [
        "CWE-327"
    ],
    "cvelist": null,
    "sourceData": "newbee-ltd newbee-mall 1.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "newbee-mall",
    "version": "1.0.0",
    "vendor": "newbee-ltd",
    "ai_description": "Unsalted MD5 password hashing vulnerability allowing offline credential cracking",
    "ai_severity": "Critical",
    "ai_vendor": "newbee-ltd",
    "ai_product": "newbee-mall",
    "ai_version": "1.0.0",
    "ai_score": 9.3
}

💭 Join the Security Discussion ❌ Cancel Reply