Skip to main content

Central Dogma CVE-2026-11746

| EUVDEUVD-2026-38207 CRITICAL
Use of Hard-coded Credentials (CWE-798)
2026-06-22 LY-Corporation
9.4
CVSS 4.0 · Vendor: LY-Corporation
Share

Severity by source

Vendor (LY-Corporation) PRIMARY
9.4 CRITICAL
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
9.6 CRITICAL

Adjacent ZooKeeper port reachability (AV:A), no auth thanks to hard-coded secret (PR:N), low complexity, and scope change because cluster-wide replicated commands affect all peers.

3.1 AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
4.0 AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Primary rating from Vendor (LY-Corporation).

CVSS VectorVendor: LY-Corporation

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

1
Analysis Generated
Jun 22, 2026 - 06:12 vuln.today

DescriptionCVE.org

A vulnerability has been identified in centraldogma-server versions prior to 0.84.0, where enabling ZooKeeper replication without setting replication.secret causes the server to silently fall back to a hard-coded, publicly known secret. This default credential authenticates the embedded ZooKeeper ensemble, allowing an attacker with network access to read the full replication log or join the quorum and execute arbitrary replicated commands across the cluster.

AnalysisAI

Cluster-wide remote code execution in LY Corporation's centraldogma-server prior to 0.84.0 occurs when ZooKeeper replication is enabled without explicitly configuring replication.secret, causing the embedded ZooKeeper ensemble to authenticate using a hard-coded, publicly known fallback credential. An adjacent attacker with network reachability to the replication ports can read the entire replication log or join the quorum to issue arbitrary replicated commands. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify reachable Central Dogma cluster
Delivery
Connect to ZooKeeper replication port
Exploit
Authenticate with hard-coded secret
Execution
Join quorum or tail replication log
Persist
Submit replicated commands cluster-wide
Impact
Pivot via exfiltrated config secrets

Vulnerability AssessmentAI

Exploitation Exploitation requires (1) the target centraldogma-server to be running a version prior to 0.84.0 with ZooKeeper replication enabled, (2) the operator to have failed to set the replication.secret configuration property - which triggers the silent fallback to the hard-coded value, and (3) the attacker to have adjacent-network reachability (CVSS AV:A) to the embedded ZooKeeper ensemble ports on a cluster node. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 vector AV:A/AC:L/AT:N/PR:N/UI:N with VC:H/VI:H/VA:H and subsequent-system SC:H/SI:H/SA:H produces a 9.4 score, reflecting an adjacent-network, unauthenticated path to full compromise of every node in the cluster - a realistic rating given the hard-coded secret. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who gains a foothold on the same network segment as a Central Dogma cluster (for example, a compromised CI runner or neighboring container) scans for the ZooKeeper replication ports and connects using the publicly known hard-coded secret. Once authenticated to the ensemble they either passively stream the replication log to harvest configuration secrets stored in Central Dogma, or actively join the quorum and submit replicated commands that propagate malicious configuration to every consuming application. …
Remediation Vendor-released patch: Central Dogma 0.84.0 - upgrade centraldogma-server to 0.84.0 or later, which removes the silent fallback to the hard-coded secret. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all centraldogma-server deployments with ZooKeeper replication enabled; implement network firewall rules restricting access to replication ports (2181, 2888, 3888) to authorized internal hosts only. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-11746 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy