CVE-2026-2658

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions newbee-ltd newbee-mall (affected versions not specified)

Description A flaw exists in newbee-ltd newbee-mall. This issue involves a function within the Multiple Endpoints component that can be exploited to perform cross-site request forgery. Remote exploitation is possible. The exploit has been publicly released. The project was notified of the issue but has not yet responded.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

CSRF

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352CWE-862

Related Identifiers

CVE-2026-2658

Affected Products

Newbee-Mall

CVE-2026-2658

Weakness Enumeration

Related Identifiers

Affected Products

References · 19