Cyber Resilience

CVE-2026-2110

Severity: Medium · Public PoC available

Published: 07 February 2026
Modified: 05 March 2026
KEV Added: not listed
Patch: none documented
CVSS Score (v4.0): 6.3 (CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0068 (47.7th percentile)
Risk Priority: 35 (floored blend · peak EPSS)

Summary

CVE-2026-2110 is a medium-severity Improper Restriction of Excessive Authentication Attempts (CWE-307) vulnerability in Swiftbuy Swiftbuy. Its CVSS base score is 6.3 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 47.7th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-7 (Unsuccessful Logon Attempts) and SC-5 (Denial-of-service Protection).

Deeper analysis

CVE-2026-2110 is a vulnerability involving improper restriction of excessive authentication attempts in Tasin1025 SwiftBuy up to commit hash 0f5011372e8d1d7edfd642d57d721c9fadc54ec7. The flaw affects an unknown functionality within the /login.php file, enabling manipulation that bypasses limits on repeated login attempts. This issue, linked to CWE-307 (Improper Restriction of Excessive Authentication Attempts) and CWE-799 (Improper Control of Interaction Frequency), carries a CVSS v3.1 base score of 3.7 (AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) and was published on 2026-02-07.

Remote attackers with network access and no privileges can exploit this vulnerability, though it requires high attack complexity and is rated as difficult to execute. Successful exploitation allows limited disclosure of confidential information (C:L) with no impact on integrity or availability, likely facilitating brute-force attacks against login credentials due to the lack of authentication attempt throttling.

Advisories from VulDB (ctiid.344686, id.344686, submit.746251) and WebSecurityInsights detail the issue, noting that an exploit has been publicly released and may be used in attacks. The product uses a rolling release model, providing no specific version details for affected or patched releases. The vendor was contacted early but provided no response, leaving no official patches or mitigations documented in the references.


Vulnerability details

A security flaw has been discovered in Tasin1025 SwiftBuy up to 0f5011372e8d1d7edfd642d57d721c9fadc54ec7. Affected by this vulnerability is an unknown functionality of the file /login.php. Performing a manipulation results in improper restriction of excessive authentication attempts. Remote exploitation of the attack is possible. The attack's complexity is rated as high. The exploitation appears to be difficult. The exploit has been released to the public and may be used for attacks. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The vendor was contacted early about this disclosure but did not respond in any way.

CWE(s): CWE-307 (Improper Restriction of Excessive Authentication Attempts), CWE-799 (Improper Control of Interaction Frequency)

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1110 Brute Force (Credential Access): Adversaries may use brute force techniques to gain access to accounts when passwords are unknown or when password hashes are obtained.

Why these techniques?

The vulnerability in /login.php allows bypassing authentication attempt limits, directly enabling exploitation of public-facing applications (T1190) and brute force attacks such as password guessing (T1110).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-32729 (shared CWE-307, CWE-799)
CVE-2026-33667 (shared CWE-307)
CVE-2026-33640 (shared CWE-307)
CVE-2025-67853 (shared CWE-307)
CVE-2026-24017 (shared CWE-799)
CVE-2025-12547 (shared CWE-307, CWE-799)
CVE-2026-8760 (shared CWE-307)
CVE-2025-63807 (shared CWE-307)
CVE-2026-26305 (shared CWE-307)
CVE-2025-12995 (shared CWE-307)

Affected Assets

Vendor: swiftbuy
Product: swiftbuy
Version: 1.0

Mitigating Controls (NIST 800-53 r5)

Prevent: AC-7 (Unsuccessful Logon Attempts) enforces limits on consecutive unsuccessful logon attempts and automatic account lockouts, directly preventing brute-force exploitation of the improper restriction in /login.php.

Prevent: SC-5 (Denial-of-service Protection) provides denial-of-service protections that mitigate excessive authentication requests flooding the vulnerable /login.php endpoint.

Detect: SI-4 (System Monitoring) enables continuous monitoring of login activities to identify and alert on brute-force patterns exploiting the lack of authentication attempt restrictions.
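As an added illustration of the AC-7 and SI-4 controls above (example code written for this page, not SwiftBuy's /login.php), the following PHP throttle refuses further attempts for an account after a fixed number of consecutive failures and writes log lines a monitor can alert on. The store layout, the thresholds and the function names are assumptions.

```php
<?php
// Added example (not SwiftBuy's code): an AC-7 style throttle a PHP login handler
// such as /login.php can call before verifying the password, with log lines for
// SI-4 style monitoring. Store, thresholds and function names are assumptions.
const MAX_FAILURES    = 5;    // consecutive failures allowed before lockout (assumed policy)
const LOCKOUT_SECONDS = 900;  // lockout duration once the limit is reached (assumed policy)

// $store is a demo array keyed by account; production would use a DB or cache
// so the counter survives across requests and application nodes.
function loginAllowed(array $store, string $account, int $now): bool
{
    $lockedUntil = $store[$account]['locked_until'] ?? 0;
    return $lockedUntil <= $now;   // allowed unless an active lockout exists
}

function recordFailure(array &$store, string $account, string $ip, int $now): void
{
    $rec = $store[$account] ?? ['failures' => 0, 'locked_until' => 0];
    $rec['failures']++;
    error_log(sprintf('auth_fail account=%s ip=%s failures=%d', $account, $ip, $rec['failures']));
    if ($rec['failures'] >= MAX_FAILURES) {
        $rec['locked_until'] = $now + LOCKOUT_SECONDS;
        $rec['failures']     = 0;   // fresh count once the lockout expires
        error_log(sprintf('auth_lockout account=%s ip=%s until=%d', $account, $ip, $rec['locked_until']));
    }
    $store[$account] = $rec;
}

function recordSuccess(array &$store, string $account): void
{
    unset($store[$account]);   // AC-7: counters reset on a successful logon
}

// Demo: six wrong passwords for one account, then a check after the lockout window.
$store = [];
$hash  = password_hash('correct-horse-battery-staple', PASSWORD_DEFAULT); // constructed sample
$now   = time();
for ($i = 1; $i <= 6; $i++) {
    if (!loginAllowed($store, 'alice', $now)) {
        echo "attempt $i: refused, account locked\n";
        continue;
    }
    if (password_verify('wrong-password', $hash)) {
        recordSuccess($store, 'alice');
    } else {
        recordFailure($store, 'alice', '203.0.113.10', $now);   // 203.0.113.0/24 is documentation space
        echo "attempt $i: bad password recorded\n";
    }
}
echo loginAllowed($store, 'alice', $now + LOCKOUT_SECONDS) ? "lockout expired\n" : "still locked\n";
```

A per-account counter alone does not stop low-and-slow guessing spread across many accounts, so pair it with per-source rate limiting at the web server or WAF (the SC-5 control above) and alert on the auth_lockout lines.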
