GHSA-hj7x-hmf2-hc2p

Опубликовано: 23 мар. 2026

Источник: github

Github: Прошло ревью

CVSS3: 9.4

Описание

Harbor allows the use of the default password for web UI login

Use of hard coded credentials in GoHarbor Harbor version 2.15.0 and below, allows attackers to use the default password and gain access to the web UI.

Ссылки

https://nvd.nist.gov/vuln/detail/CVE-2026-4404
https://github.com/goharbor/harbor/issues/1937
https://github.com/goharbor/harbor/pull/22751
https://goharbor.io/docs/1.10/install-config/run-installer-script/#:~:text=If%20you%20did%20not%20change%20them%20in%20harbor.yml,%20the%20default%20administrator%20username%20and%20password%20are%20admin%20and%20Harbor12345
https://www.kb.cert.org/vuls/id/577436

Пакеты

Наименование

github.com/goharbor/harbor

Затронутые версииВерсия исправления

<= 2.15.0

Отсутствует

EPSS

Процентиль: 17%

0.00055

Низкий

9.4 Critical

CVSS3

CVE ID

CVE-2026-4404

Дефекты

CWE-1393

CWE-798

Связанные уязвимости

CVE-2026-4404

CVSS3: 9.4

nvd

17 дней назад

Use of hard coded credentials in GoHarbor Harbor version 2.15.0 and below, allows attackers to use the default password and gain access to the web UI.

EPSS

Процентиль: 17%

0.00055

Низкий

9.4 Critical

CVSS3

CVE ID

CVE-2026-4404

Дефекты

CWE-1393

CWE-798