Description
A security flaw has been discovered in Tasin1025 SwiftBuy up to 0f5011372e8d1d7edfd642d57d721c9fadc54ec7. Affected by this vulnerability is an unknown functionality of the file /login.php. Performing a manipulation results in improper restriction of excessive authentication attempts. Remote exploitation of the attack is possible. The attack's complexity is rated as high. The exploitation appears to be difficult. The exploit has been released to the public and may be used for attacks. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-02-07
Score: 6.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Authentication Brute‑Force / DoS
Action: Mitigate
AI Analysis

Impact

An improper restriction of excessive authentication attempts was found in the /login.php file of Tasin1025 SwiftBuy. Based on the description, it is inferred that the flaw allows an attacker to launch an unlimited number of login attempts from a remote source, potentially enabling credential brute‑force or denial‑of‑service attacks. Because the vulnerability is not limited by account lockout or rate limiting, repeated attempts can overwhelm the authentication process or enable account takeover if credentials are guessed.

Affected Systems

The affected product is Tasin1025 SwiftBuy version 1.0, as indicated by the CPE entry. Any publicly reachable instance of this application is susceptible unless mitigated by external controls.

Risk and Exploitability

The issue carries a CVSS score of 6.3, which places it in the medium severity range. The EPSS score is reported as less than 1%, indicating a low but non‑zero probability of exploitation, and the vulnerability is not listed in the CISA KEV catalog. The attack is considered remote, the attack complexity is high, and exploitation is described as difficult. While the potential impact includes denial of service and possible account compromise, the likelihood of immediate exploitation remains low given the complexity and current lack of vendor response.

Generated by OpenCVE AI on April 18, 2026 at 13:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply rate‑limiting logic to the /login.php endpoint to restrict the number of authentication attempts per IP or account
  • Restrict or firewall access to the /login.php endpoint by IP address or network segment and enforce strong password policies for all accounts
  • Monitor authentication logs for repeated failed login attempts and automatically block offending IP addresses or enforce temporary account lockouts
  • Stay informed of vendor updates and plan to upgrade to a patched version once it becomes available

Generated by OpenCVE AI on April 18, 2026 at 13:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 05 Mar 2026 21:00:00 +0000

Type Values Removed Values Added
First Time appeared Swiftbuy
Swiftbuy swiftbuy
CPEs cpe:2.3:a:swiftbuy:swiftbuy:1.0:*:*:*:*:*:*:*
Vendors & Products Swiftbuy
Swiftbuy swiftbuy

Tue, 10 Feb 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 09 Feb 2026 11:00:00 +0000

Type Values Removed Values Added
First Time appeared Tasin1025
Tasin1025 swiftbuy
Vendors & Products Tasin1025
Tasin1025 swiftbuy

Sat, 07 Feb 2026 20:15:00 +0000

Type Values Removed Values Added
Description A security flaw has been discovered in Tasin1025 SwiftBuy up to 0f5011372e8d1d7edfd642d57d721c9fadc54ec7. Affected by this vulnerability is an unknown functionality of the file /login.php. Performing a manipulation results in improper restriction of excessive authentication attempts. Remote exploitation of the attack is possible. The attack's complexity is rated as high. The exploitation appears to be difficult. The exploit has been released to the public and may be used for attacks. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The vendor was contacted early about this disclosure but did not respond in any way.
Title Tasin1025 SwiftBuy login.php excessive authentication
Weaknesses CWE-307
CWE-799
References
Metrics cvssV2_0

{'score': 2.6, 'vector': 'AV:N/AC:H/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 3.7, 'vector': 'CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 3.7, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 6.3, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Swiftbuy Swiftbuy
Tasin1025 Swiftbuy
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-02-23T09:34:21.859Z

Reserved: 2026-02-06T14:25:50.481Z

Link: CVE-2026-2110

cve-icon Vulnrichment

Updated: 2026-02-10T16:10:21.918Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-07T20:15:56.373

Modified: 2026-04-29T01:00:01.613

Link: CVE-2026-2110

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T13:30:45Z

Weaknesses