CVE-2026-4404
CRITICAL SEVERITYCVSS Score & Metrics
Base Score
9.4 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
Vulnerability Description
Use of hard coded credentials in GoHarbor Harbor version 2.15.0 and below, allows attackers to use the default password and gain access to the web UI.
Vulnerability Details
Published Date
Last Modified
CWE ID
CWE-798
Source
NVD
External References
- https://cwe.mitre.org/data/definitions/1393.html
- https://github.com/goharbor/harbor/issues/1937
- https://github.com/goharbor/harbor/pull/22751
- https://goharbor.io/docs/1.10/install-config/run-installer-script/#:~:text=If%20you%20did%20not%20change%20them%20in%20harbor.yml,%20the%20default%20administrator%20username%20and%20password%20are%20admin%20and%20Harbor12345
Discussion (0)
Add Comment
No comments yet. Be the first!