CVE-2026-4404 Use — Exploit & Vulnerability Details CRITICAL

CVE-2026-4404

CRITICAL CVSS 3.1: 9.4 EPSS 0.04%

Parameter	Value
CVSS	9.4 (CRITICAL)
Type	CWE-798 (Hardcoded Credentials), CWE-1393 (Use of Default Password)
Vendor	Use
Public PoC	No

Use of hard coded credentials in GoHarbor Harbor version 2.15.0 and below, allows attackers to use the default password and gain access to the web UI.

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

Low

Easy to exploit

Privileges Required

None

No privileges needed

User Interaction

None

No user interaction needed

Impact Assessment

Confidentiality

High

Complete data leak

Integrity

High

Complete data modification

Availability

Low

Partial disruption

CVSS Vector v3.1

Weakness Type (CWE)

CWE-798 Hardcoded Credentials

CWE-1393 Use of Default Password

References 5

https://cwe.mitre.org/data/definitions/1393.html

cret@cert.org

https://github.com/goharbor/harbor/issues/1937

cret@cert.org

https://github.com/goharbor/harbor/pull/22751

cret@cert.org

https://goharbor.io/docs/1.10/install-config/run-installer-script/#:~:text=If%2…

cret@cert.org

https://www.kb.cert.org/vuls/id/577436

af854a3a-2127-422b-91ae-364da2661108

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-20996

Use

7.1

CVE-2025-32467

Use

5.6

Menu

CVE-2026-4404

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 5

Related Vulnerabilities

CVE-2026-20996

CVE-2025-32467

CVE Details

Editor's Choice

Menu

CVE-2026-4404

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 5

Related Vulnerabilities

CVE-2026-20996

CVE-2025-32467

CVE Details

Editor's Choice

Stay informed on cybersecurity