Unrated severityNVD Advisory· Published Feb 12, 2026· Updated Mar 5, 2026

newbee-mall Default Seeded Administrator Credentials Allow Account Takeover

CVE-2026-26218

Description

newbee-mall includes pre-seeded administrator accounts in its database initialization script. These accounts are provisioned with a predictable default password. Deployments that initialize or reset the database using the provided schema and fail to change the default administrative credentials may allow unauthenticated attackers to log in as an administrator and gain full administrative control of the application.

Affected products

Newbee Ltd/Newbee Mallv5
Range: 1.0.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.vulncheck.com/advisories/newbee-mall-default-seeded-administrator-credentials-allow-account-takeovermitrethird-party-advisory
github.com/newbee-ltd/newbee-mall/issues/119mitreissue-tracking

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000