CVE-2026-30777
MEDIUMEC-CUBE 4.1.0-4.1.1 - Multi-Factor Authentication Bypass
Title source: llmDescription
EC-CUBE provided by EC-CUBE CO.,LTD. contains a multi-factor authentication (MFA) bypass vulnerability. An attacker who has obtained a valid administrator ID and password may be able to bypass two-factor authentication and gain unauthorized access to the administrative page.
References (2)
Core 2
Core References
Various Sources
https://jvn.jp/en/jp/JVN63765888/
Various Sources
https://www.ec-cube.net/info/weakness/20260209/index.php
Scores
CVSS v3
6.5
EPSS
0.0034
EPSS Percentile
25.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-288
Status
published
Products (4)
ec-cube/ec-cube
4.1.2 (5 CPE variants)
ec-cube/ec-cube
4.2.3 (2 CPE variants)
ec-cube/ec-cube
4.3.1
ec-cube/ec-cube
4.1.0 - 4.1.2
Published
Mar 05, 2026
Tracked Since
Mar 05, 2026