CVE-2026-2110
Published: 07 February 2026
Description
A security flaw has been discovered in Tasin1025 SwiftBuy up to 0f5011372e8d1d7edfd642d57d721c9fadc54ec7. Affected by this vulnerability is an unknown functionality of the file /login.php. Performing a manipulation results in improper restriction of excessive authentication attempts. Remote exploitation of the attack is possible. The attack's complexity is rated as high. The exploitation appears to be difficult. The exploit has been released to the public and may be used for attacks. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The vendor was contacted early about this disclosure but did not respond in any way.
Mitigating Controls (NIST 800-53 r5)
AC-7 enforces limits on consecutive unsuccessful logon attempts and automatic account lockouts, directly preventing brute-force exploitation of the improper restriction in /login.php.
SC-5 provides denial-of-service protections that mitigate excessive authentication requests flooding the vulnerable /login.php endpoint.
SI-4 enables continuous monitoring of login activities to identify and alert on brute-force patterns exploiting the lack of authentication attempt restrictions.
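The AC-7 control described above, as an added example that is neither SwiftBuy code nor taken from the advisory: a per-account counter of consecutive failed logons with a lockout window, which is the throttling /login.php reportedly lacks. The threshold, window, credential store and usernames are constructed assumptions.

```python
import hashlib
import hmac
import time
from dataclasses import dataclass
from typing import Callable, Dict

MAX_FAILURES = 5        # consecutive failures tolerated before lockout (assumed value)
LOCKOUT_SECONDS = 900   # lockout window in seconds (assumed value)

# Constructed credential store; sha256 for brevity only, use a slow password hash in practice.
_USERS = {"alice": hashlib.sha256(b"correct-horse").hexdigest()}

def verify_password(username: str, password: str) -> bool:
    """Check a password against the constructed store with a constant-time compare."""
    stored = _USERS.get(username)
    digest = hashlib.sha256(password.encode()).hexdigest()
    return stored is not None and hmac.compare_digest(digest, stored)

@dataclass
class AttemptState:
    failures: int = 0        # consecutive failures since the last success
    locked_until: float = 0.0

class LoginThrottle:
    """Per-account failure counter with a lockout window, the AC-7 control."""

    def __init__(self, verify: Callable[[str, str], bool],
                 clock: Callable[[], float] = time.monotonic) -> None:
        self._verify, self._clock = verify, clock
        self._state: Dict[str, AttemptState] = {}
        self.lockouts = []   # (username, time) events to feed monitoring (SI-4)

    def attempt(self, username: str, password: str) -> str:
        now = self._clock()
        st = self._state.setdefault(username, AttemptState())
        if now < st.locked_until:
            return "locked"                    # refused before any password check
        if self._verify(username, password):
            self._state.pop(username, None)    # success clears the counter
            return "ok"
        st.failures += 1
        if st.failures >= MAX_FAILURES:
            st.locked_until, st.failures = now + LOCKOUT_SECONDS, 0
            self.lockouts.append((username, now))
            return "locked"
        return "denied"
```

Account lockout on its own lets anyone who knows a username deny that user service, so it is normally paired with per-source rate limiting (the SC-5 control) and alerting on the lockout events.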
Security Summary
CVE-2026-2110 is a vulnerability involving improper restriction of excessive authentication attempts in Tasin1025 SwiftBuy up to commit hash 0f5011372e8d1d7edfd642d57d721c9fadc54ec7. The flaw affects an unknown functionality within the /login.php file, enabling manipulation that bypasses limits on repeated login attempts. This issue, linked to CWE-307 (Improper Restriction of Excessive Authentication Attempts) and CWE-799 (Improper Control of Interaction Frequency), carries a CVSS v3.1 base score of 3.7 (AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) and was published on 2026-02-07.
Remote attackers with network access and no privileges can exploit this vulnerability, though it requires high attack complexity and is rated as difficult to execute. Successful exploitation allows limited disclosure of confidential information (C:L) with no impact on integrity or availability, likely facilitating brute-force attacks against login credentials due to the lack of authentication attempt throttling.
Advisories from VulDB (ctiid.344686, id.344686, submit.746251) and WebSecurityInsights detail the issue, noting that an exploit has been publicly released and may be used in attacks. The product uses a rolling release model, providing no specific version details for affected or patched releases. The vendor was contacted early but provided no response, leaving no official patches or mitigations documented in the references.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability in /login.php allows bypassing authentication attempt limits, directly enabling exploitation of public-facing applications (T1190) and brute force attacks such as password guessing (T1110).