Newbee-Mall stores and verifies user passwords using an unsalted MD5 hashing algorithm, enabling attackers to rapidly recover plaintext credentials via offline attacks if they obtain password hashes through database exposure, backup leakage, or other compromise vectors. The implementation lacks per-user salts and computational cost controls, exacerbating the vulnerability. Security teams and administrator [truncated]
CVE-2026-26218 is a critical vulnerability in Newbee-Mall, a popular e-commerce platform. The vulnerability arises from pre-seeded administrator accounts in the database initialization script, provisioned with predictable default passwords. Deployments that initialize or reset the database using the provided schema and fail to change the default administrative credentials may allow unauthenticated attacke [truncated]