PT-2026-38219 · Unknown+1 · Phpmyadmin+1
Basant Kumar +2 · Published 2026-05-06 · Updated 2026-05-13
CVE-2026-41930
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Vvveb versions prior to 1.0.8.2
Description
A hard-coded credentials issue exists in the docker-compose-apache.yaml configuration. This allows unauthenticated attackers to access the bundled phpMyAdmin container using pre-configured database credentials. By connecting to the phpMyAdmin port, attackers can obtain unrestricted read and write access to the entire database, including administrator password hashes, customer personally identifiable information, and order data, which can lead to account takeover and data manipulation.
Recommendations
Update to version 1.0.8.2 or later.
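A defensive check for the pattern described above, added here as an example and not taken from the advisory or the Vvveb project: it scans a compose file for a phpMyAdmin service that ships preset credentials and publishes its port beyond loopback. The sample file is constructed, the names `parse_services` and `audit` are hypothetical, and it is an assumption (not stated on the page) that the credentials are preset through the official phpMyAdmin image's `PMA_USER`/`PMA_PASSWORD` variables.

```python
import re

# Constructed sample, NOT the project's file; assumes creds are preset via PMA_* variables.
SAMPLE = """\
services:
  phpmyadmin:
    image: phpmyadmin
    ports:
      - "8080:80"
    environment:
      PMA_USER: root
      PMA_PASSWORD: example-root-pw
"""

def parse_services(text):  # minimal reader for well-formed, block-style compose YAML
    services, cur, section, svc_ind, key_ind, active = {}, None, None, None, None, False
    for raw in text.splitlines():
        body, ind = raw.split(" #")[0].strip(), len(raw) - len(raw.lstrip())
        if not body or body.startswith("#"):
            continue
        if ind == 0:  # top-level key: only the services: section is audited
            active = body == "services:"
        elif active and (body.startswith("- ") or (key_ind and ind > key_ind)):
            cur.setdefault(section, []).append(body.lstrip("- ").strip("\"'"))  # item/entry
        elif active and ind == (svc_ind := svc_ind or ind):  # service name line
            cur, section = services.setdefault(body.rstrip(":"), {"image": ""}), None
        elif active:  # service-level key: image, ports, environment, ...
            key_ind = key_ind or ind
            section, _, val = body.partition(":")
            if section == "image":
                cur["image"] = val.strip(" \"'")
    return services

def audit(text):  # returns (service, finding) pairs
    findings = []
    for name, svc in parse_services(text).items():
        pairs = (re.split(r"\s*[:=]\s*", e, maxsplit=1) for e in svc.get("environment", []))
        env = {p[0]: p[1].strip("\"'") for p in pairs if len(p) == 2}
        findings += [(name, f"literal secret in {k}") for k, v in env.items()
                     if "PASSWORD" in k and not k.endswith("_FILE") and v and v[0] != "$"]
        if "phpmyadmin" in svc["image"].lower():
            if "PMA_PASSWORD" in env:  # preset login: no prompt for whoever connects
                findings.append((name, "auto-login via preset PMA_USER/PMA_PASSWORD"))
            findings += [(name, f"published beyond loopback: {p}") for p in svc.get("ports", [])
                         if not p.startswith(("127.0.0.1:", "[::1]:"))]
    return findings

if __name__ == "__main__":
    print("\n".join(f"{s}: {f}" for s, f in audit(SAMPLE)))
```

Moving the password into an environment variable clears only the literal-secret finding; the auto-login finding remains for as long as `PMA_PASSWORD` is preset on the container.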
Exploit
Fix
Missing Authentication
Weakness Enumeration
Related Identifiers
Affected Products
Vvveb
Phpmyadmin