CVE-2026-4404
CRITICAL
NVD
CVSS Score
9.4
Severity
CRITICAL
Published
Mar 23, 2026
Vendor
unknown
Description
Use of hard coded credentials in GoHarbor Harbor version 2.15.0 and below, allows attackers to use the default password and gain access to the web UI.
References
- https://cwe.mitre.org/data/definitions/1393.html
- https://github.com/goharbor/harbor/issues/1937
- https://github.com/goharbor/harbor/pull/22751
- https://goharbor.io/docs/1.10/install-config/run-installer-script/#:~:text=If%20you%20did%20not%20change%20them%20in%20harbor.yml,%20the%20default%20administrator%20username%20and%20password%20are%20admin%20and%20Harbor12345
- https://www.kb.cert.org/vuls/id/577436