ByteOS Network

CVE Vulnerability Details :

CVE-2026-2658

PUBLISHED

More Info Official Page

Assigner-VulDB

Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5

Published At-18 Feb, 2026 | 17:02

Updated At-18 Feb, 2026 | 17:59

▼CVE Numbering Authority (CNA)

newbee-ltd newbee-mall Multiple Endpoints cross-site request forgery

A vulnerability was found in newbee-ltd newbee-mall up to a069069b07027613bf0e7f571736be86f431faee. Affected is an unknown function of the component Multiple Endpoints. Performing a manipulation results in cross-site request forgery. Remote exploitation of the attack is possible. The exploit has been made public and could be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The project was informed of the problem early through an issue report but has not responded yet.

Affected Products

Vendor

newbee-ltd

Product

newbee-mall

Modules

Multiple Endpoints

Versions

Affected

a069069b07027613bf0e7f571736be86f431faee

Problem Types

Type	CWE ID	Description
CWE	CWE-352	Cross-Site Request Forgery
CWE	CWE-862	Missing Authorization

Type: CWE

CWE ID: CWE-352

Description: Cross-Site Request Forgery

Type: CWE

CWE ID: CWE-862

Description: Missing Authorization

Metrics

Version	Base score	Base severity	Vector
4.0	5.3	MEDIUM	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
3.1	4.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R
3.0	4.3	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R
2.0	5.0	N/A	AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR

Version: 4.0

Base score: 5.3

Base severity: MEDIUM

Vector:

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

Version: 3.1

Base score: 4.3

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R

Version: 3.0

Base score: 4.3

Base severity: MEDIUM

Vector:

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R

Version: 2.0

Base score: 5.0

Base severity: N/A

Vector:

AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR

Credits

reporter

flashzyc (VulDB User)

Timeline

Event	Date
Advisory disclosed	2026-02-18 00:00:00
VulDB entry created	2026-02-18 01:00:00
VulDB entry last update	2026-02-18 08:02:07

Event: Advisory disclosed

Date: 2026-02-18 00:00:00

Event: VulDB entry created

Date: 2026-02-18 01:00:00

Event: VulDB entry last update

Date: 2026-02-18 08:02:07

References

Hyperlink	Resource
https://vuldb.com/?id.346456	vdb-entry
https://vuldb.com/?ctiid.346456	signature permissions-required
https://vuldb.com/?submit.752797	third-party-advisory
https://vuldb.com/?submit.752798	third-party-advisory
https://vuldb.com/?submit.752799	third-party-advisory
https://vuldb.com/?submit.752800	third-party-advisory
https://vuldb.com/?submit.752801	third-party-advisory
https://vuldb.com/?submit.752802	third-party-advisory
https://vuldb.com/?submit.752803	third-party-advisory
https://vuldb.com/?submit.752804	third-party-advisory
https://vuldb.com/?submit.752805	third-party-advisory
https://vuldb.com/?submit.752806	third-party-advisory
https://github.com/newbee-ltd/newbee-mall/issues/106	issue-tracking
https://github.com/newbee-ltd/newbee-mall/issues/107	exploit issue-tracking
https://github.com/newbee-ltd/newbee-mall/	product