CVE-2026-8890

🗓️ 26 May 2026 18:23:13Reported by VulnCheckType

CVE-2026-8890: code100x Mobile interface allows unauthenticated impersonation via spoofed identity header and unvalidated authentication key.

Reporter	Title	Published	Views	Family All 8
ATTACKERKB	CVE-2026-8890	26 May 202618:23	–	attackerkb
Circl	CVE-2026-8890	26 May 202622:50	–	circl
CNNVD	100xDevs CMS 安全漏洞	26 May 202600:00	–	cnnvd
Cvelist	CVE-2026-8890 code100x Mobile API Authentication Bypass via Header Spoofing	26 May 202618:23	–	cvelist
EUVD	EUVD-2026-31953	26 May 202618:23	–	euvd
NVD	CVE-2026-8890	26 May 202619:16	–	nvd
Positive Technologies	PT-2026-43378	26 May 202600:00	–	ptsecurity
Vulnrichment	CVE-2026-8890 code100x Mobile API Authentication Bypass via Header Spoofing	26 May 202618:23	–	vulnrichment

Vulners

Node

code100x code100xRange0–90b489ee7c63c301107d6374d4b3f2b8e4060fe5

code100x code100xRange0–88c6c5e94e23da101235c4c7e9c7591ac1016549

[
  {
    "vendor": "code100x",
    "product": "code100x",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "90b489ee7c63c301107d6374d4b3f2b8e4060fe5",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "0",
        "lessThan": "88c6c5e94e23da101235c4c7e9c7591ac1016549",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]

Source	Link
github	www.github.com/code100x/cms/pull/1927/changes/90b489ee7c63c301107d6374d4b3f2b8e4060fe5
github	www.github.com/code100x/cms/pull/1927/changes/88c6c5e94e23da101235c4c7e9c7591ac1016549
github	www.github.com/code100x/cms/pull/1927
github	www.github.com/code100x/cms/issues/1924
vulncheck	www.vulncheck.com/advisories/code100x-mobile-api-authentication-bypass-via-header-spoofing

26 May 2026 20:16Current

5.9Medium risk

Vulners AI Score5.9

CVSS 3.18.2

CVSS 48.8

EPSS0.00096

SSVC

CWE-639