MEDIUM
macrozheng
CVE published 2026-05-29
CVE-2026-10070
A medium-severity improper authorization vulnerability exists in macrozheng mall versions up to 1.0.3. The vulnerability resides in the Super Admin Password Handler component, specifically affecting the /admin/update/ endpoint. Remote exploitation is possible through manipulation of this endpoint, allowing an attacker with high privileges to bypass intended authorization controls. The CVSS 4.0 vector indi [truncated]