CVE-2026-30777
CVSS Score
4.9
EPSS Score
0.0%
EPSS Percentile
0th
EC-CUBE provided by EC-CUBE CO.,LTD. contains a multi-factor authentication (MFA) bypass vulnerability. An attacker who has obtained a valid administrator ID and password may be able to bypass two-factor authentication and gain unauthorized access to the administrative page.
| Vendor | ec-cube co.,ltd. |
| Product | ec-cube 4.1 series |
| Published | Mar 5, 2026 |
| Last Updated | Mar 6, 2026 |
Stay Ahead of the Next One
Get instant alerts for ec-cube co.,ltd. ec-cube 4.1 series
Be the first to know when new medium vulnerabilities affecting ec-cube co.,ltd. ec-cube 4.1 series are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N Affected Versions
EC-CUBE CO.,LTD. / EC-CUBE 4.1 series
prior to 4.1.2-p5
EC-CUBE CO.,LTD. / EC-CUBE 4.2 series
prior to 4.2.3-p2
EC-CUBE CO.,LTD. / EC-CUBE 4.3 series
prior to 4.3.1-p1