CVE-2026-4404
9.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
Summary
Use of hard coded credentials in GoHarbor Harbor version 2.15.0 and below, allows attackers to use the default password and gain access to the web UI.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Harbor | Harbor | 0.1.0 <= 2.15.0 | affected |
Weaknesses
- CWE-798 Use of Hard-coded Credentials
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
CVE Program Container
Additional References
References
- https://goharbor.io/docs/1.10/install-config/run-installer-script/#:~:text=If%20you%20did%20not%20change%20them%20in%20harbor.yml,%20the%20default%20administrator%20username%20and%20password%20are%20admin%20and%20Harbor12345
- https://github.com/goharbor/harbor/issues/1937
- https://cwe.mitre.org/data/definitions/1393.html
- https://github.com/goharbor/harbor/pull/22751
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.