CRITICALCVE-2026-4404Published 2026-03-23Modified 2026-03-24CNA certcc

CVE-2026-4404: Use of hard coded credentials in GoHarbor Harbor

Use of hard coded credentials in GoHarbor Harbor version 2.15.0 and below, allows attackers to use the default password and gain access to the web UI.

CVSS v3.1: 9.4
Severity: CRITICAL
Fixed in: —
Affected Products: 1

Affected packages

Harbor / Harbor
≤ 2.15.0

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

References

goharbor.io
github.com
cwe.mitre.org
github.com

Metrics