Unrated severityNVD Advisory· Published Feb 12, 2026· Updated Mar 5, 2026
newbee-mall Unsalted MD5 Password Hashing Enables Offline Credential Cracking
CVE-2026-26219
Description
newbee-mall stores and verifies user passwords using an unsalted MD5 hashing algorithm. The implementation does not incorporate per-user salts or computational cost controls, enabling attackers who obtain password hashes through database exposure, backup leakage, or other compromise vectors to rapidly recover plaintext credentials via offline attacks.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: 1.0.0
Patches
Vulnerability mechanics
References
2- www.vulncheck.com/advisories/newbee-mall-unsalted-md5-password-hashing-enables-offline-credential-crackingmitrethird-party-advisory
- github.com/newbee-ltd/newbee-mall/issues/119mitreissue-tracking
News mentions
0No linked articles in our index yet.