MEDIUM
opensourcepos
CVE published 2026-05-18
CVE-2026-8803
CVE-2026-8803 is reported against opensourcepos Open Source Point of Sale up to 3.4.2 and points to the Employee Login flow in app/Models/Employee.php. The reported issue involves weak hash handling and is described as remotely reachable, but with high complexity and difficult exploitability. Importantly, the vendor says the legacy code remains to support an upgrade path, that the default password is init [truncated]