CVE-2026-30777

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2026-30777

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-30777.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2026-30777

Published

2026-03-05T06:16:51.997Z

Modified

2026-04-10T05:41:50.970042Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N CVSS Calculator

Summary

[none]

Details

EC-CUBE provided by EC-CUBE CO.,LTD. contains a multi-factor authentication (MFA) bypass vulnerability. An attacker who has obtained a valid administrator ID and password may be able to bypass two-factor authentication and gain unauthorized access to the administrative page.

References

Affected packages

Git / github.com/ec-cube/ec-cube

Affected ranges

Type

GIT

Repo

https://github.com/ec-cube/ec-cube

Events

Introduced

5d02dde61f824fb9e264d003f59afc4663811567

Fixed

710b64ce96786770fe59ba8255ff16925171f172

Introduced

0fbb7b3a340c75f2860123d5e01d706f8a15127b

Fixed

daed16e5da3c6847b232af24b06d76d55d8cbd42

Introduced

c97204439000a877566bc232cb768862d3bfcbb0

Fixed

cd8fa9826ddee6757bd2e952c9db4023e856c156

Introduced

Last affected

710b64ce96786770fe59ba8255ff16925171f172

Introduced

Last affected

56786c9bb456ad52fa1f3b16dd9e675cc4a480fa

Introduced

Last affected

5fa190d57929b2c1cee7b400c45751bed66cc56e

Introduced

Last affected

f8abedfe319c45dcb8816074098906adc3aaeba6

Introduced

Last affected

83dfd5f87f806f070201787b8d228e1dc9e1ac57

Introduced

Last affected

daed16e5da3c6847b232af24b06d76d55d8cbd42

Introduced

Last affected

15a5fa1e26ce69e9a584ad52b31cca638a43d712

Introduced

Last affected

cd8fa9826ddee6757bd2e952c9db4023e856c156

Database specific

{
    "versions": [
        {
            "introduced": "4.1.0"
        },
        {
            "fixed": "4.1.2"
        },
        {
            "introduced": "4.2.0"
        },
        {
            "fixed": "4.2.3"
        },
        {
            "introduced": "4.3.0"
        },
        {
            "fixed": "4.3.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.1.2-NA"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.1.2-p1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.1.2-p2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.1.2-p3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.1.2-p4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.2.3-NA"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.2.3-p1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.3.1-NA"
        }
    ]
}

Affected versions

4.*

4.1.0

4.1.1

4.1.1-20211130

4.1.2

4.1.2-20220128

4.1.2-20220203

4.1.2-p1

4.1.2-p2

4.1.2-p3

4.1.2-p4

4.2.0

4.2.1

4.2.1-20230116

4.2.2

4.2.2-20230606

4.2.2-20230616

4.2.3

4.2.3-20231002

4.2.3-20231023

4.2.3-p1

4.3.0

4.3.1

co/4.*

co/4.1-20211111

co/4.1-20211118

co/4.1-20211125

co/4.1-20211202

co/4.1-20220210

co/4.1-20220217

co/4.2-20221006

co/4.2-20221013

co/4.2-20221020

co/4.2-20221027

co/4.2-20221215

co/4.2-20230119

co/4.2-20230216

co/4.2-20230222

co/4.2-20230511

co/4.2-20230608

co/4.2-20230921

co/4.2-20231005

co/4.2-20231026

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-30777.json"