{"id":"CVE-2026-30777","details":"EC-CUBE provided by EC-CUBE CO.,LTD. contains a multi-factor authentication (MFA) bypass vulnerability. An attacker who has obtained a valid administrator ID and password may be able to bypass two-factor authentication and gain unauthorized access to the administrative page.","modified":"2026-04-10T05:41:50.970042Z","published":"2026-03-05T06:16:51.997Z","references":[{"type":"ADVISORY","url":"https://jvn.jp/en/jp/JVN63765888/"},{"type":"FIX","url":"https://www.ec-cube.net/info/weakness/20260209/index.php"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ec-cube/ec-cube","events":[{"introduced":"5d02dde61f824fb9e264d003f59afc4663811567"},{"fixed":"710b64ce96786770fe59ba8255ff16925171f172"},{"introduced":"0fbb7b3a340c75f2860123d5e01d706f8a15127b"},{"fixed":"daed16e5da3c6847b232af24b06d76d55d8cbd42"},{"introduced":"c97204439000a877566bc232cb768862d3bfcbb0"},{"fixed":"cd8fa9826ddee6757bd2e952c9db4023e856c156"},{"introduced":"0"},{"last_affected":"710b64ce96786770fe59ba8255ff16925171f172"},{"introduced":"0"},{"last_affected":"56786c9bb456ad52fa1f3b16dd9e675cc4a480fa"},{"introduced":"0"},{"last_affected":"5fa190d57929b2c1cee7b400c45751bed66cc56e"},{"introduced":"0"},{"last_affected":"f8abedfe319c45dcb8816074098906adc3aaeba6"},{"introduced":"0"},{"last_affected":"83dfd5f87f806f070201787b8d228e1dc9e1ac57"},{"introduced":"0"},{"last_affected":"daed16e5da3c6847b232af24b06d76d55d8cbd42"},{"introduced":"0"},{"last_affected":"15a5fa1e26ce69e9a584ad52b31cca638a43d712"},{"introduced":"0"},{"last_affected":"cd8fa9826ddee6757bd2e952c9db4023e856c156"}],"database_specific":{"versions":[{"introduced":"4.1.0"},{"fixed":"4.1.2"},{"introduced":"4.2.0"},{"fixed":"4.2.3"},{"introduced":"4.3.0"},{"fixed":"4.3.1"},{"introduced":"0"},{"last_affected":"4.1.2-NA"},{"introduced":"0"},{"last_affected":"4.1.2-p1"},{"introduced":"0"},{"last_affected":"4.1.2-p2"},{"introduced":"0"},{"last_affected":"4.1.2-p3"},{"introduced":"0"},{"last_affected":"4.1.2-p4"},{"introduced":"0"},{"last_affected":"4.2.3-NA"},{"introduced":"0"},{"last_affected":"4.2.3-p1"},{"introduced":"0"},{"last_affected":"4.3.1-NA"}]}}],"versions":["4.1.0","4.1.1","4.1.1-20211130","4.1.2","4.1.2-20220128","4.1.2-20220203","4.1.2-p1","4.1.2-p2","4.1.2-p3","4.1.2-p4","4.2.0","4.2.1","4.2.1-20230116","4.2.2","4.2.2-20230606","4.2.2-20230616","4.2.3","4.2.3-20231002","4.2.3-20231023","4.2.3-p1","4.3.0","4.3.1","co/4.1-20211111","co/4.1-20211118","co/4.1-20211125","co/4.1-20211202","co/4.1-20220210","co/4.1-20220217","co/4.2-20221006","co/4.2-20221013","co/4.2-20221020","co/4.2-20221027","co/4.2-20221215","co/4.2-20230119","co/4.2-20230216","co/4.2-20230222","co/4.2-20230511","co/4.2-20230608","co/4.2-20230921","co/4.2-20231005","co/4.2-20231026"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-30777.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"}]}