CVE-2026-26219 – newbee-mall Unsalted MD5 Password Hashing Enables Offline Credential Cracking

CVE ID : CVE-2026-26219

Published : Feb. 12, 2026, 7:15 p.m. | 1 hour, 11 minutes ago

Description : newbee-mall stores and verifies user passwords using an unsalted MD5 hashing algorithm. The implementation does not incorporate per-user salts or computational cost controls, enabling attackers who obtain password hashes through database exposure, backup leakage, or other compromise vectors to rapidly recover plaintext credentials via offline attacks.

Severity: 9.3 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…