Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
Lifecycle Timeline
3DescriptionCVE.org
Use of hard coded credentials in GoHarbor Harbor version 2.15.0 and below, allows attackers to use the default password and gain access to the web UI.
AnalysisAI
GoHarbor Harbor versions 2.15.0 and earlier contain hardcoded default credentials that allow unauthenticated attackers to gain administrative access to the web UI using the default username 'admin' and password 'Harbor12345'. This vulnerability enables complete compromise of the container registry, including image manipulation, deletion, and unauthorized access to stored artifacts. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Remote unauthenticated attacker exploiting GoHarbor Harbor versions 2.15.0 and below with unchanged default credentials. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | This vulnerability presents critical real-world risk despite the absence of a CVSS score and EPSS data in the available intelligence. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker discovers a Harbor instance exposed on the internet or accessible from a compromised internal network, then navigates to the Harbor web UI login page. Using the known default credentials (admin / Harbor12345), the attacker successfully authenticates as the administrator without requiring any additional exploits or techniques. … |
| Remediation | Upgrade GoHarbor Harbor to version 2.15.1 or later, which implements secure credential initialization. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Identify all affected systems running GoHarbor Harbor and apply vendor patches immediately. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-1393 – Use of Default Password
View allSame technique Information Disclosure
View allVendor StatusVendor
SUSE
Severity: Critical| Product | Status |
|---|---|
| openSUSE Leap 15.6 | Fixed |
| SUSE Linux Enterprise Module for Package Hub 15 SP5 | Fixed |
| SUSE Linux Enterprise Module for Package Hub 15 SP6 | Fixed |
| openSUSE Leap 15.5 | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-14455