CVE-2026-53692
Received - Intake

Weak MD5 Password Hashing in Redeight CMS 1.0

Publication date: 2026-06-30

Last updated on: 2026-06-30

Assigner: CERT.PL

Description

Redeight CMS version 1.0 uses the MD5 algorithm without a salt to store user passwords. Because MD5 is a cryptographically broken algorithm and lacks salting, attackers who obtain the password hashes can trivially reverse them using rainbow tables, leading to the exposure of plaintext credentials.

Meta Information

Published: 2026-06-30
Last Modified: 2026-06-30
Generated: 2026-06-30
AI Q&A: 2026-06-30
EPSS Evaluated: N/A

Affected Vendors & Products

Showing 1 associated CPE
Vendor | Product | Version / Range
redeight | cms | 1.0

Exploitability

CWE

CWE ID | Description
CWE-261 | Obscuring a password with a trivial encoding does not protect the password.
CWE-328 | The product uses an algorithm that produces a digest (output value) that does not meet security expectations for a hash function that allows an adversary to reasonably determine the original input (preimage attack), find another input that can produce the same hash (2nd preimage attack), or find multiple inputs that evaluate to the same hash (birthday attack).

Compliance Impact

The vulnerability involves the use of the MD5 algorithm without salting to store user passwords, which is cryptographically broken and allows attackers to easily reverse password hashes. This exposure of plaintext credentials can lead to unauthorized access to personal data.

Such a weakness in password storage can negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require adequate protection of personal and sensitive data to prevent unauthorized access and data breaches.

Executive Summary

Redeight CMS version 1.0 stores user passwords using the MD5 hashing algorithm without adding a salt.

MD5 is a cryptographically broken algorithm, and without salting, the password hashes are vulnerable to being reversed by attackers using rainbow tables.

This means that if an attacker obtains the password hashes, they can easily recover the original plaintext passwords.

Impact Analysis

If an attacker gains access to the password hashes stored by Redeight CMS, they can quickly reverse them to obtain users' plaintext passwords.

This can lead to unauthorized access to user accounts, potential data breaches, and compromise of sensitive information.
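
The following is an added example, not code from Redeight CMS or from this report. It contrasts the unsalted MD5 storage described above with a salted, iterated hash, and shows one way to upgrade legacy records when a user next logs in. The choice of PBKDF2-HMAC-SHA256, the iteration count, the record format and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

PBKDF2_ITERATIONS = 600_000  # assumed work factor for this example

def legacy_md5(password: str) -> str:
    """Unsalted MD5 hex digest: the storage scheme this report describes."""
    return hashlib.md5(password.encode(), usedforsecurity=False).hexdigest()

def hash_password(password: str) -> str:
    """Salted record in an assumed format: scheme$iterations$salt$digest."""
    salt = os.urandom(16)  # fresh random salt per password
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${dk.hex()}"

def verify(password: str, stored: str) -> Tuple[bool, Optional[str]]:
    """Return (ok, upgraded). upgraded is set only when a legacy MD5 record
    verified, and is the salted record that should replace it in storage."""
    if stored.startswith("pbkdf2_sha256$"):
        _, iters, salt_hex, dk_hex = stored.split("$")
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iters))
        return hmac.compare_digest(dk, bytes.fromhex(dk_hex)), None
    # Legacy path: a bare MD5 hex digest, compared in constant time.
    if hmac.compare_digest(legacy_md5(password).encode(), stored.lower().encode()):
        return True, hash_password(password)
    return False, None

def demo() -> dict:
    # Constructed sample: two accounts that share the same password.
    pw = "correct horse battery staple"
    ok, upgraded = verify(pw, legacy_md5(pw))
    return {
        "md5_identical": legacy_md5(pw) == legacy_md5(pw),        # same hash for both users
        "salted_identical": hash_password(pw) == hash_password(pw),  # salts make them differ
        "legacy_login_ok": ok,
        "upgraded_verifies": verify(pw, upgraded)[0],
        "wrong_password": verify("guess", upgraded)[0],
    }

if __name__ == "__main__":
    print(demo())
```

Because the unsalted digest depends only on the password, every account with the same password stores the same value, which is what makes precomputed lookups effective; the per-record salt removes that property.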
