Ctrl + K
/ news / CVE
CVEPublished 2026-02-07Modified 2026-04-290 articles on news6 live referencesNVD data

CVE-2026-2110Swiftbuy · Swiftbuy

Vulnerability data via NVD (ingested)

CVSS v3.1
3.7
LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS percentile
42
Exploit Prediction Scoring System · top 58% of all CVEs
Weaknesses (CWE)
CWE-307Improper Restriction of Excessive Authentication AttemptsCWE-799Improper Control of Interaction Frequency
Description

A security flaw has been discovered in Tasin1025 SwiftBuy up to 0f5011372e8d1d7edfd642d57d721c9fadc54ec7. Affected by this vulnerability is an unknown functionality of the file /login.php. Performing a manipulation results in improper restriction of excessive authentication attempts. Remote exploitation of the attack is possible. The attack's complexity is rated as high. The exploitation appears to be difficult. The exploit has been released to the public and may be used for attacks. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The vendor was contacted early about this disclosure but did not respond in any way.

Timeline
Published 2026-02-07
Modified 2026-04-29

External references

NVDMITREExploit-DBGitHub PoCSploitusVulnCheck

Search for exposed instances

Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).

Shodan · vuln tag0 hosts
vuln:CVE-2026-2110
Hosts Shodan has explicitly fingerprinted as vulnerable.
Shodan · product + version
product:"Swiftbuy Swiftbuy" version:"1.0"
Version-pinned fingerprint from NVD's first vulnerable CPE.
Shodan · banner/body mention
http.html:"Swiftbuy"
HTTP body or banner mentions "Swiftbuy" — catches deploys Shodan didn't identify as a product.
More intel sources (5)
Shodan report
vuln:CVE-2026-2110
Country / ASN / product breakdown for the vuln query.
Censys
vulnerabilities.cve_id: CVE-2026-2110
Censys host search filtered to this CVE id.
grep.app
CVE-2026-2110
Public source-code mentions — fast PoC discovery.
GitHub code
CVE-2026-2110
GitHub code search for direct mentions.
Google dork
"CVE-2026-2110" exploit -site:nvd.nist.gov
Write-ups and news, NVD excluded.

Known PoCs on GitHub (8)

CVE-2026-21108 repos
codefuse-ai/Awesome-Code-LLMunknown
[TMLR] A curated list of language modeling researches for code (and other software engineering activities), plus related datasets.
★ 3,377·updated 2w ago
maxgfr/awesome-starsunknown
List of repositories that I liked on Github
★ 22·updated today
saforem2/awesome-starsunknown
A curated list of my GitHub stars!
★ 20·updated today
hiifong/starListPython
Export your star's repository list
★ 18·updated today
iamthefrogy/BountyHoundShell
Monitors and curates bug-bounty related repositories weekly (Monday).
★ 16·updated 1d ago
hugefiver/mystarsunknown
★ 16·updated today
chnzzh/OpenSSL-CVE-libunknown
★ 7·updated today
oslook/n8n-workflowsunknown
4200 + Workflow Automation Templates are Grouped by Categories/Services for easy navigation
★ 6·updated 10mo ago
We haven't classified any articles referencing CVE-2026-2110 yet. The external references above still apply.