Improper Authorization in macrozheng mall Super Admin Password Handler
CVE-2026-10070

5.1 MEDIUM

Key Information:

Vendor

Macrozheng

Status
Vendor
CVE Published: 29 May 2026

What is CVE-2026-10070?

A vulnerability in macrozheng mall versions up to 1.0.3 affects the Super Admin Password Handler component, located in the /admin/update/ file. The flaw results in improper authorization, potentially leading to unauthorized access, and it can be exploited remotely. The vendor did not respond to early disclosure attempts and deleted the related GitHub issues without explanation, which raises concerns about the attention this issue is receiving. Users should therefore make sure their installations are secure.

Affected Version(s)

mall 1.0.0

mall 1.0.1

mall 1.0.2

CVSS V4

Score: 5.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

AliceS614 (VulDB User)
VulDB CNA Team