CVE-2026-10070 | macrozheng mall up to 1.0.3 Super Admin Password /admin/update/ improper authorization (Issue 970)

This advisory describes a critical improper-authorization vulnerability (CVE-2026-10070) in macrozheng mall ≤1.0.3 affecting the /admin/update Super Admin Password Handler; the issue can impact confidentiality, integrity and availability, is remotely reachable though requires additional authentication, no public exploit exists, and the vendor deleted the GitHub issue and did not respond to disclosure.