CVE-2026-26218

Name of the Vulnerable Software and Affected Versions newbee-mall (affected versions not specified)

Description The application includes pre-seeded administrator accounts in its database initialization script, which are provisioned with a predictable default password. Deployments that initialize or reset the database using the provided schema and fail to change these default administrative credentials may allow unauthenticated attackers to log in as an administrator and gain full administrative control of the application. The application’s database contains default admin accounts with predictable passwords.

Recommendations Change the default administrative credentials to prevent unauthorized access.