CVE-2026-8076
Description
Weak credentials in the CashDro 3 web administration panel, version 24.01.00.26, where the platform allows the use of numeric PINs for user authentication. The system supports the use of PIN-based credentials, maintaining compatibility with POS software integrations deployed since 2012. This could allow an attacker to easily perform a brute-force attack against a user and gain access by trying different PINs without the account being locked. Successful exploitation of this vulnerability could result in unauthorized access to confidential configuration settings, compromising the security of the system.
Is your site exposed to CVE-2026-8076?
Run a free security scan — no signup, results in seconds.
EPSS — Exploit Prediction
EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.
Weakness Type (CWE)
References
Frequently Asked Questions
What is CVE-2026-8076? +
How do I check if I'm vulnerable to CVE-2026-8076? +
Related Vulnerabilities
Tokens in CTFd used for account activation and password resetting can be used interchangeably for these operations. When used, they …
In Slican telephone exchanges secure key is generated in a predictable manner using properties of the telephone exchange which can …
Dlink DWR-X1820 router uses weak default password generated from its IMEI number and does not require users to change it. …
A vulnerability exists in the netclient and factory services of Reolink Home Hub (versions prior to v3.3.0.456_26031911) due to the …
ProjectsAndPrograms school-management-system uses predictable credentials by generating student's and teacher's passwords solely from the user’s date of birth (e.g., 12072000 …
Longse model LBH30FE200W cameras, as well as products based on this device, make use of telnet passwords which follow a …