{ "affected": [ { "ranges": [ { "database_specific": { "versions": [ { "introduced": "4.1.0" }, { "fixed": "4.1.2" }, { "introduced": "4.2.0" }, { "fixed": "4.2.3" }, { "introduced": "4.3.0" }, { "fixed": "4.3.1" }, { "introduced": "0" }, { "last_affected": "4.1.2-NA" }, { "introduced": "0" }, { "last_affected": "4.1.2-p1" }, { "introduced": "0" }, { "last_affected": "4.1.2-p2" }, { "introduced": "0" }, { "last_affected": "4.1.2-p3" }, { "introduced": "0" }, { "last_affected": "4.1.2-p4" }, { "introduced": "0" }, { "last_affected": "4.2.3-NA" }, { "introduced": "0" }, { "last_affected": "4.2.3-p1" }, { "introduced": "0" }, { "last_affected": "4.3.1-NA" } ] }, "events": [ { "introduced": "5d02dde61f824fb9e264d003f59afc4663811567" }, { "fixed": "710b64ce96786770fe59ba8255ff16925171f172" }, { "introduced": "0fbb7b3a340c75f2860123d5e01d706f8a15127b" }, { "fixed": "daed16e5da3c6847b232af24b06d76d55d8cbd42" }, { "introduced": "c97204439000a877566bc232cb768862d3bfcbb0" }, { "fixed": "cd8fa9826ddee6757bd2e952c9db4023e856c156" }, { "introduced": "0" }, { "last_affected": "710b64ce96786770fe59ba8255ff16925171f172" }, { "introduced": "0" }, { "last_affected": "56786c9bb456ad52fa1f3b16dd9e675cc4a480fa" }, { "introduced": "0" }, { "last_affected": "5fa190d57929b2c1cee7b400c45751bed66cc56e" }, { "introduced": "0" }, { "last_affected": "f8abedfe319c45dcb8816074098906adc3aaeba6" }, { "introduced": "0" }, { "last_affected": "83dfd5f87f806f070201787b8d228e1dc9e1ac57" }, { "introduced": "0" }, { "last_affected": "daed16e5da3c6847b232af24b06d76d55d8cbd42" }, { "introduced": "0" }, { "last_affected": "15a5fa1e26ce69e9a584ad52b31cca638a43d712" }, { "introduced": "0" }, { "last_affected": "cd8fa9826ddee6757bd2e952c9db4023e856c156" } ], "repo": "https://github.com/ec-cube/ec-cube", "type": "GIT" } ] } ], "details": "EC-CUBE provided by EC-CUBE CO.,LTD. contains a multi-factor authentication (MFA) bypass vulnerability. An attacker who has obtained a valid administrator ID and password may be able to bypass two-factor authentication and gain unauthorized access to the administrative page.", "id": "CVE-2026-30777", "modified": "2026-03-11T13:47:50.344292184Z", "published": "2026-03-05T06:16:51.997Z", "references": [ { "type": "ADVISORY", "url": "https://jvn.jp/en/jp/JVN63765888/" }, { "type": "FIX", "url": "https://www.ec-cube.net/info/weakness/20260209/index.php" } ], "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "type": "CVSS_V3" } ] }