CVE-2026-30777
EUVD-2026-979105.03.2026, 06:16
EC-CUBE provided by EC-CUBE CO.,LTD. contains a multi-factor authentication (MFA) bypass vulnerability. An attacker who has obtained a valid administrator ID and password may be able to bypass two-factor authentication and gain unauthorized access to the administrative page.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| ec-cube | ec-cube | 4.1.0 ≤ 𝑥 < 4.1.2 |
| ec-cube | ec-cube | 4.2.0 ≤ 𝑥 < 4.2.3 |
| ec-cube | ec-cube | 4.3.0 ≤ 𝑥 < 4.3.1 |
| ec-cube | ec-cube | 4.1.2 |
| ec-cube | ec-cube | 4.1.2:p1 |
| ec-cube | ec-cube | 4.1.2:p2 |
| ec-cube | ec-cube | 4.1.2:p3 |
| ec-cube | ec-cube | 4.1.2:p4 |
| ec-cube | ec-cube | 4.2.3 |
| ec-cube | ec-cube | 4.2.3:p1 |
| ec-cube | ec-cube | 4.3.1 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration