CVE-2026-2658

A vulnerability was found in newbee-ltd newbee-mall up to a069069b07027613bf0e7f571736be86f431faee. Affected is an unknown function of the component Multiple Endpoints. Performing a manipulation results in cross-site request forgery. Remote exploitation of the attack is possible. The exploit has been made public and could be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The project was informed of the problem early through an issue report but has not responded yet.

CVSS v3 4.3 MEDIUM
CVSS v2.0 5.0 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://github.com/newbee-ltd/newbee-mall/
https://github.com/newbee-ltd/newbee-mall/issues/106
https://github.com/newbee-ltd/newbee-mall/issues/107
https://vuldb.com/?ctiid.346456
https://vuldb.com/?id.346456
https://vuldb.com/?submit.752797
https://vuldb.com/?submit.752798
https://vuldb.com/?submit.752799
https://vuldb.com/?submit.752800
https://vuldb.com/?submit.752801
https://vuldb.com/?submit.752802
https://vuldb.com/?submit.752803
https://vuldb.com/?submit.752804
https://vuldb.com/?submit.752805
https://vuldb.com/?submit.752806

Configurations

No configuration.

History

18 Feb 2026, 18:24

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-18 18:24

Updated : 2026-02-19 15:53

NVD link : CVE-2026-2658

Mitre link : CVE-2026-2658

CVE.ORG link : CVE-2026-2658

JSON object : View

Products Affected

No product.

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

CWE-862

Missing Authorization

{"id": "CVE-2026-2658", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "cna@vuldb.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}], "cvssMetricV40": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "PROOF_OF_CONCEPT", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-02-18T18:24:34.400", "references": [{"url": "https://github.com/newbee-ltd/newbee-mall/", "source": "cna@vuldb.com"}, {"url": "https://github.com/newbee-ltd/newbee-mall/issues/106", "source": "cna@vuldb.com"}, {"url": "https://github.com/newbee-ltd/newbee-mall/issues/107", "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?ctiid.346456", "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?id.346456", "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?submit.752797", "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?submit.752798", "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?submit.752799", "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?submit.752800", "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?submit.752801", "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?submit.752802", "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?submit.752803", "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?submit.752804", "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?submit.752805", "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?submit.752806", "source": "cna@vuldb.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "cna@vuldb.com", "description": [{"lang": "en", "value": "CWE-352"}, {"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in newbee-ltd newbee-mall up to a069069b07027613bf0e7f571736be86f431faee. Affected is an unknown function of the component Multiple Endpoints. Performing a manipulation results in cross-site request forgery. Remote exploitation of the attack is possible. The exploit has been made public and could be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The project was informed of the problem early through an issue report but has not responded yet."}], "lastModified": "2026-02-19T15:53:02.850", "sourceIdentifier": "cna@vuldb.com"}