{"id":77033,"date":"2026-02-12T22:45:52","date_gmt":"2026-02-12T19:15:52","guid":{"rendered":"https:\/\/afaghhosting.net\/blog\/cve-2026-26218-newbee-mall-default-seeded-administrator-credentials-allow-account-takeover\/"},"modified":"2026-02-12T22:45:52","modified_gmt":"2026-02-12T19:15:52","slug":"cve-2026-26218-newbee-mall-default-seeded-administrator-credentials-allow-account-takeover","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/cve-2026-26218-newbee-mall-default-seeded-administrator-credentials-allow-account-takeover\/","title":{"rendered":"CVE-2026-26218 &#8211; newbee-mall Default Seeded Administrator Credentials Allow Account Takeover"},"content":{"rendered":"<p>CVE ID : CVE-2026-26218<\/p>\n<p>Published :  Feb. 12, 2026, 7:15 p.m. | 1\u00a0hour, 11\u00a0minutes ago<\/p>\n<p>Description : newbee-mall includes pre-seeded administrator accounts in its database initialization script. These accounts are provisioned with a predictable default password. Deployments that initialize or reset the database using the provided schema and fail to change the default administrative credentials may allow unauthenticated attackers to log in as an administrator and gain full administrative control of the application.<\/p>\n<p>Severity: 9.8 | CRITICAL<\/p>\n<p>Visit the link for more details, such as CVSS details, affected products, timeline, and more&#8230;\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CVE ID : CVE-2026-26218 Published : Feb. 12, 2026, 7:15 p.m. | 1\u00a0hour, 11\u00a0minutes ago Description : newbee-mall includes pre-seeded administrator accounts in its database initialization script. These accounts are provisioned with a predictable default password. Deployments that initialize or reset the database using the provided schema and fail to change the default administrative credentials &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-77033","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/77033","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=77033"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/77033\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=77033"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=77033"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=77033"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}