Description
EC-CUBE provided by EC-CUBE CO.,LTD. contains a multi-factor authentication (MFA) bypass vulnerability. An attacker who has obtained a valid administrator ID and password may be able to bypass two-factor authentication and gain unauthorized access to the administrative page.
Scores
CVSS v3
6.5
EPSS
0.0009
EPSS Percentile
25.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-288
Status
published
Products (4)
ec-cube/ec-cube: 4.1.2 (5 CPE variants)
ec-cube/ec-cube: 4.2.3 (2 CPE variants)
ec-cube/ec-cube: 4.3.1
ec-cube/ec-cube: 4.1.0 - 4.1.2
Published
Mar 05, 2026
Tracked Since
Mar 05, 2026