PT-2026-38910 · Cashdro 3 · Cashdro 3

Peter Gabaldon · Published 2026-05-08 · Updated 2026-05-09

CVE-2026-8076

CVSS v4.0: 9.3 (Critical)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

CashDro 3 version 24.01.00.26

Description

The web administration panel allows the use of numeric PINs for user authentication to maintain compatibility with POS software integrations deployed since 2012. This implementation enables attackers to perform brute-force attacks by attempting various PINs without triggering an account lockout. Successful exploitation can lead to unauthorized access to confidential configuration settings.

Recommendations

For version 24.01.00.26, disable the use of numeric PINs for authentication or implement account lockout mechanisms to prevent brute-force attempts.
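
One way to implement the account lockout recommended above, as an added example that is not CashDro's code or part of the original advisory. The `PinLockout` class, its default thresholds and the `worst_case_hours` helper are hypothetical, and the PIN is compared as a plain string for brevity where a real deployment would compare against a salted hash.

```python
import hmac
import time


class PinLockout:
    """Per-account failed-attempt counter with a timed lockout (hypothetical helper)."""

    def __init__(self, max_failures=5, lockout_seconds=900, clock=time.monotonic):
        self.max_failures = max_failures        # assumed threshold, tune per deployment
        self.lockout_seconds = lockout_seconds  # assumed lock duration
        self.clock = clock                      # injectable so the logic can be tested
        self._failures = {}                     # user -> consecutive failed attempts
        self._locked_until = {}                 # user -> clock value when the lock expires

    def is_locked(self, user):
        return self.clock() < self._locked_until.get(user, float("-inf"))

    def verify(self, user, submitted_pin, stored_pin):
        """Return 'ok', 'denied' or 'locked'. A locked account rejects even the right PIN."""
        if self.is_locked(user):
            return "locked"
        # Constant-time comparison so response timing does not reveal matching digits.
        if hmac.compare_digest(submitted_pin.encode(), stored_pin.encode()):
            self._failures.pop(user, None)      # success resets the counter
            return "ok"
        count = self._failures.get(user, 0) + 1
        self._failures[user] = count
        if count >= self.max_failures:
            self._locked_until[user] = self.clock() + self.lockout_seconds
            self._failures[user] = 0            # next window starts from zero
        return "denied"


def worst_case_hours(pin_digits, max_failures, lockout_seconds):
    """Hours needed to try every numeric PIN of the given length when each
    batch of max_failures guesses costs one full lockout period."""
    keyspace = 10 ** pin_digits
    lockouts = -(-keyspace // max_failures)     # ceiling division
    return lockouts * lockout_seconds / 3600
```

A per-account lockout also lets anyone who knows a username keep that account locked, so it is normally paired with per-source throttling and alerting on repeated lockouts.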

Fix


Weakness Enumeration

Related Identifiers

CVE-2026-8076

Affected Products

Cashdro 3