Skip to main content

Helix Core Server P4D

1 CVEs product

Monthly

CVE-2026-6043 HIGH This Week

Helix Core Server (P4D) before 2026.1 ships with insecure default configurations allowing remote unauthenticated attackers to create arbitrary user accounts, enumerate users, authenticate without passwords, and access repository contents via the built-in 'remote' user. EPSS score of 0.06% (19th percentile) suggests low observed exploitation attempts despite the high CVSS 8.8 score and SSVC classification as automatable with partial impact. No active exploitation confirmed (not in CISA KEV). Perforce reports this as vendor-disclosed with secure-by-default enforced in version 2026.1.

Authentication Bypass Helix Core Server P4D
NVD VulDB
CVSS 4.0
8.8
EPSS
0.1%
EPSS 0% CVSS 8.8
HIGH This Week

Helix Core Server (P4D) before 2026.1 ships with insecure default configurations allowing remote unauthenticated attackers to create arbitrary user accounts, enumerate users, authenticate without passwords, and access repository contents via the built-in 'remote' user. EPSS score of 0.06% (19th percentile) suggests low observed exploitation attempts despite the high CVSS 8.8 score and SSVC classification as automatable with partial impact. No active exploitation confirmed (not in CISA KEV). Perforce reports this as vendor-disclosed with secure-by-default enforced in version 2026.1.

Authentication Bypass Helix Core Server P4D
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy