CVE-2026-41930

216.73.216.6

· Published 06/05/2026 19:16 · Modified 06/05/2026 20:16

Labels: CVE-2026-41930 2026-05-06 CVE-2026-41930 CWE-306 [email protected]

Essential information

Published: 06/05/2026 19:16
Modified: 06/05/2026 20:16
Author: —
Creator: —
CVSS: 9.2 CRITICAL (v3) 9.2 CRITICAL (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

Vvveb before version 1.0.8.2 contains a hard-coded credentials vulnerability in its docker-compose-apache.yaml configuration that allows unauthenticated attackers to access the bundled phpMyAdmin container with pre-configured database credentials. Attackers can connect to the phpMyAdmin port to gain unrestricted read and write access to the entire Vvveb database, including administrator password hashes, customer personally identifiable information, and order data, enabling account takeover and data manipulation.

NVD status

Status: Deferred — When a CVE is given this status the NVD does not plan analyze or re-analyze this CVE due to resource or other concerns.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
vvveb / vvveb	`cpe:2.3:a:vvveb:vvveb:<1.0.8.2:::::::*`