A vulnerability classified as problematic has been found in opensourcepos Open Source Point of Sale up to 3.4.2. It affects the function Login in the file app/Models/Employee.php of the component Employee Login. The manipulation results in the use of a weak hash.
This vulnerability is registered as CVE-2026-8803. The attack can be carried out remotely. No exploit is available.
The actual existence of this vulnerability is currently in question.
The vendor explains: “[T]he code is still there to allow the upgrade path to work. The default password is initially seeded with the old hash function, but then migrated to a newer one after login. [T]he hash version check might be cleaned up in the future. Currently it’s not actively in use as any password change will use a newer hash function.”
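
The migrate-on-login pattern the vendor describes can be sketched as follows. This is an added example, not opensourcepos code, and it also shows an audit for accounts that still carry the old hash because they have not logged in since. Assumptions: the legacy scheme is stood in for by unsalted MD5 (the advisory does not name the old hash function), and `hash_version`, `login()`, `legacyAccounts()` and the sample records are hypothetical.

```php
<?php
// Added example, not opensourcepos code. All names are hypothetical.
// Assumption: unsalted MD5 stands in for the unnamed legacy hash function.

const HASH_LEGACY  = 1; // hypothetical marker: record still uses the old hash
const HASH_CURRENT = 2; // hypothetical marker: record uses password_hash()

/** Verify a login and upgrade a legacy hash in place on success. */
function login(array &$employee, string $password): bool
{
    if ($employee['hash_version'] === HASH_LEGACY) {
        // Constant-time comparison against the legacy digest.
        if (!hash_equals($employee['password'], md5($password))) {
            return false;
        }
        // The plaintext is only available at login, so this is the one
        // moment the record can be re-hashed with the current scheme.
        $employee['password']     = password_hash($password, PASSWORD_DEFAULT);
        $employee['hash_version'] = HASH_CURRENT;
        return true;
    }
    if (!password_verify($password, $employee['password'])) {
        return false;
    }
    // Follow later changes to PASSWORD_DEFAULT or its cost parameters.
    if (password_needs_rehash($employee['password'], PASSWORD_DEFAULT)) {
        $employee['password'] = password_hash($password, PASSWORD_DEFAULT);
    }
    return true;
}

/** Audit: list accounts that have not logged in since migration began. */
function legacyAccounts(array $employees): array
{
    return array_keys(array_filter(
        $employees,
        fn(array $e): bool => $e['hash_version'] === HASH_LEGACY
    ));
}

// Constructed sample data: two seeded accounts stored with the legacy hash.
$employees = [
    'admin' => ['password' => md5('constructed-pw-1'), 'hash_version' => HASH_LEGACY],
    'clerk' => ['password' => md5('constructed-pw-2'), 'hash_version' => HASH_LEGACY],
];

var_dump(login($employees['admin'], 'wrong'));            // failed attempt leaves the record as is
var_dump(login($employees['admin'], 'constructed-pw-1')); // legacy check, then upgrade
var_dump(login($employees['admin'], 'constructed-pw-1')); // now handled by password_verify()
print_r(legacyAccounts($employees));                      // accounts still awaiting migration
```

Any account the audit still lists keeps the weak hash at rest until its owner logs in or an administrator forces a password reset.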