CVE-2026-8076

UNKNOWN 0.0

Weak credentials vulnerability in the CashDro 3 web administration panel

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Weak credentials in the CashDro 3 web administration panel, version 24.01.00.26, where the platform allows the use of numeric PINs for user authentication. The system supports the use of PIN-based credentials, maintaining compatibility with POS software integrations deployed since 2012. This could allow an attacker to easily perform a brute-force attack against a user and gain access by trying different PINs without the account being locked. Successful exploitation of this vulnerability could result in unauthorized access to confidential configuration settings, compromising the security of the system.

CWE	CWE-1391
Vendor	cashdro
Product	cashdro 3 administration panel
Published	May 8, 2026
Last Updated	May 8, 2026

Stay Ahead of the Next One

Get instant alerts for cashdro cashdro 3 administration panel

Be the first to know when new unknown vulnerabilities affecting cashdro cashdro 3 administration panel are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

CashDro / CashDro 3 Administration Panel

24.01.00.26

References

NVD ↗ CVE.org ↗ EPSS Data ↗

incibe.es: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cashdro-3 labs.itresit.es: https://labs.itresit.es/2026/05/07/cashdro-vulnerabilities-from-pentest-to-stealing-money/

Credits

Pedro Gabaldón Juliá Javier Medina Munuera David Montoro Aguilera Javier Ayala Ortín Pedro Castillo Torío