🔐 CVE Alert

CVE-2026-8077

UNKNOWN 0.0

Weak credentials vulnerability in the CashDro 3 web administration panel

CVSS Score: 0.0
EPSS Score: 0.0%
EPSS Percentile: 0th

Lack of proper authorization implementation in the CashDro 3 web administration panel, version 24.01.00.26. The backend lacks authorization controls, leaving security entirely to the frontend. By modifying the binary string in the ‘Permissions’ field of the JSON response, an attacker could escalate privileges and gain full administrative access. This vulnerability allows all restrictions to be bypassed and completely compromises system management.

CWE: CWE-862
Vendor: cashdro
Product: cashdro 3 administration panel
Published: May 8, 2026
Last Updated: May 8, 2026
Affected Versions

CashDro / CashDro 3 Administration Panel
24.01.00.26

References

incibe.es: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cashdro-3
labs.itresit.es: https://labs.itresit.es/2026/05/07/cashdro-vulnerabilities-from-pentest-to-stealing-money/

Credits

Pedro Gabaldón Juliá, Javier Medina Munuera, David Montoro Aguilera, Javier Ayala Ortín, Pedro Castillo Torío