Unrated severityNVD Advisory· Published Feb 12, 2026· Updated Mar 5, 2026

newbee-mall Unsalted MD5 Password Hashing Enables Offline Credential Cracking

CVE-2026-26219

Description

newbee-mall stores and verifies user passwords using an unsalted MD5 hashing algorithm. The implementation does not incorporate per-user salts or computational cost controls, enabling attackers who obtain password hashes through database exposure, backup leakage, or other compromise vectors to rapidly recover plaintext credentials via offline attacks.

Affected products

Newbee Ltd/Newbee Mallv5
Range: 1.0.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.vulncheck.com/advisories/newbee-mall-unsalted-md5-password-hashing-enables-offline-credential-crackingmitrethird-party-advisory
github.com/newbee-ltd/newbee-mall/issues/119mitreissue-tracking

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000