PT-2026-41671 · Unknown · Open Source Point Of Sale

Kamran Saifullah · Published 2026-05-18 · Updated 2026-05-19 · CVE-2026-8803

CVSS v3.1: 3.7 (Low)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

opensourcepos Open Source Point of Sale versions prior to 3.4.3

Description

A flaw in the Employee Login component allows for the use of a weak hash. The issue is located in the Login() function within the app/Models/Employee.php file. This vulnerability is characterized by high complexity and difficult exploitability. According to the vendor, the legacy code remains to support upgrade paths, where default passwords seeded with the old hash function are migrated to a newer one upon login, and any password change utilizes the current hash function.

Recommendations

Update to a version later than 3.4.2. As a temporary workaround, restrict access to the Login() function in the app/Models/Employee.php file to minimize the risk of exploitation.
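
The upgrade path the vendor describes, sketched as an added example (not code from opensourcepos): a legacy hash is verified in constant time and replaced with a current password_hash() value on successful login, and an audit helper lists accounts that still hold a legacy hash because nobody has logged in to them since the upgrade. The legacy scheme is assumed to be unsalted MD5 hex purely for illustration, since the advisory does not name it; the function names and sample accounts are hypothetical.

```php
<?php
declare(strict_types=1);

// ASSUMPTION: the legacy format is modelled as 32 hex chars (unsalted MD5).
// The advisory does not name the old hash function.
function isLegacyHash(string $stored): bool
{
    return preg_match('/^[a-f0-9]{32}$/i', $stored) === 1;
}

// Returns [bool $ok, ?string $replacementHash]; the caller persists the
// replacement so the weak hash is removed from storage after this login.
function verifyAndUpgrade(string $password, string $stored): array
{
    if (isLegacyHash($stored)) {
        // Constant-time comparison against the legacy digest.
        $ok = hash_equals(strtolower($stored), md5($password));
        return [$ok, $ok ? password_hash($password, PASSWORD_DEFAULT) : null];
    }
    if (!password_verify($password, $stored)) {
        return [false, null];
    }
    // Current-format hash: rehash only if the default algorithm or cost changed.
    $new = password_needs_rehash($stored, PASSWORD_DEFAULT)
        ? password_hash($password, PASSWORD_DEFAULT)
        : null;
    return [true, $new];
}

// Audit helper: accounts whose stored hash is still in the legacy format.
function legacyAccounts(array $employees): array
{
    return array_keys(array_filter($employees, 'isLegacyHash'));
}

// Constructed sample data (hypothetical usernames and passwords).
$employees = [
    'employee_a' => md5('constructed-seed-password'),
    'employee_b' => password_hash('constructed-other-password', PASSWORD_DEFAULT),
];

echo 'Legacy before login: ', implode(', ', legacyAccounts($employees)), PHP_EOL;

[$ok, $new] = verifyAndUpgrade('constructed-seed-password', $employees['employee_a']);
if ($ok && $new !== null) {
    $employees['employee_a'] = $new; // persist the migrated hash
}

echo 'Legacy after login: ', count(legacyAccounts($employees)), ' account(s)', PHP_EOL;
```

Accounts that the audit helper still reports after the update keep the weak hash at rest until their next login or password change, so they are candidates for a forced reset.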

Fix

Use of a Broken Cryptographic Algorithm

Weakness Enumeration

Related Identifiers

CVE-2026-8803

Affected Products

Open Source Point Of Sale