newbee-mall Multiple Endpoints Allow Attackers to Forge Requests

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

5.3

newbee-mall Multiple Endpoints Allow Attackers to Forge Requests

CVE-2026-2658

Summary

A security flaw in newbee-mall's Multiple Endpoints component could allow hackers to trick users into performing unintended actions. This means that attackers can potentially trick users into doing something they didn't intend to do. The company has not yet fixed this issue, so it's a good idea to be cautious and consider alternative solutions until it's resolved.

Original title

Original description

A vulnerability was found in newbee-ltd newbee-mall up to a069069b07027613bf0e7f571736be86f431faee. Affected is an unknown function of the component Multiple Endpoints. Performing a manipulation results in cross-site request forgery. Remote exploitation of the attack is possible. The exploit has been made public and could be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The project was informed of the problem early through an issue report but has not responded yet.

nvd CVSS2.0 5.0

nvd CVSS3.1 4.3

nvd CVSS4.0 5.3

Vulnerability type

CWE-352 Cross-Site Request Forgery (CSRF)

CWE-862 Missing Authorization

Published: 18 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026