CVE-2026-30777

Summary

EC-CUBE provided by EC-CUBE CO.,LTD. contains a multi-factor authentication (MFA) bypass vulnerability. An attacker who has obtained a valid administrator ID and password may be able to bypass two-factor authentication and gain unauthorized access to the administrative page.

Affected Software

VendorProductVersion RangeStatus
EC-CUBE CO.,LTD.EC-CUBE 4.1 seriesprior to 4.1.2-p5affected
EC-CUBE CO.,LTD.EC-CUBE 4.2 seriesprior to 4.2.3-p2affected
EC-CUBE CO.,LTD.EC-CUBE 4.3 seriesprior to 4.3.1-p1affected

Weaknesses

  • CWE-288: Authentication Bypass Using an Alternate Path or Channel

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References