CVE-2026-54445

Source
https://cve.org/CVERecord?id=CVE-2026-54445
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-54445.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-54445
Aliases
Published
2026-06-17T22:14:51.461Z
Modified
2026-07-08T08:13:42.591011520Z
Severity
  • 6.9 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N CVSS Calculator
Summary
Vantage6: Set admin user and password from environment or configuration
Details

vantage6 is an open-source infrastructure for privacy preserving analysis. Versions prior to 5.0.0 provide an initial user with username root and password root. This is not ideal because attackers know that almost all vantage6 servers have a user with username root that probably has admin rights, and the initial password is very weak and it is possible that administrators forget to reset it. Version 5.0.0 fixes the issue. As a workaround, it is possible to delete the root user after it has been used to create other users.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/54xxx/CVE-2026-54445.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-1393",
        "CWE-204"
    ]
}
References

Affected packages

Git / github.com/vantage6/vantage6

Affected ranges

Type
GIT
Repo
https://github.com/vantage6/vantage6
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "5.0.0"
        }
    ],
    "source": "AFFECTED_FIELD"
}

Affected versions

v3.*
v3.4.0
v3.4.0a2
v3.4.0a3
v3.4.0a4
v3.4.0a6
v3.4.1
v3.4.1a0
v3.4.1a1
v3.4.1a2
v3.4.1a3
v3.4.2
v3.4.2a0
v3.4.3
v3.5.0
v3.5.0rc2
v3.5.0rc3
v3.5.1
v3.5.2
v3.6.1
v3.6.1rc1
v3.6.1rc2
v3.6.1rc3
v3.7.0
v3.7.0rc1
v3.7.0rc2
v3.7.1
v3.7.2
v3.7.3
v3.8.0rc2
v3.8.0rc3
version/0.*
version/0.0.0b3
version/3.*
version/3.10.0
version/3.10.1
version/3.10.2
version/3.10.3
version/3.10.4
version/3.3.0
version/3.3.0rc1
version/3.3.0rc2
version/3.3.0rc3
version/3.3.0rc4
version/3.3.1
version/3.3.2
version/3.3.3
version/3.3.4
version/3.3.5
version/3.3.6
version/3.3.7
version/3.3.8a1
version/3.3.8a2
version/3.3.8a3
version/3.3.8a4
version/3.3.8a5
version/3.3.8a6
version/3.3.8a7
version/3.3.8a8
version/3.3.8a9
version/3.4.0
version/3.4.0a0
version/3.4.0a1
version/3.4.0a2
version/3.4.0a3
version/3.4.0a4
version/3.4.0a5
version/3.4.0a6
version/3.4.1
version/3.4.1a0
version/3.4.1a1
version/3.4.1a2
version/3.4.1a3
version/3.4.2
version/3.4.2a0
version/3.4.3
version/3.5.0
version/3.5.0rc2
version/3.5.0rc3
version/3.5.1
version/3.5.2
version/3.6.1
version/3.6.1rc1
version/3.6.1rc2
version/3.6.1rc3
version/3.7.0
version/3.7.0rc1
version/3.7.0rc2
version/3.7.1
version/3.7.2
version/3.7.3
version/3.8.0rc2
version/3.8.0rc3
version/3.9.0
version/3.9.0rc1
version/3.9.0rc2
version/3.9.0rc3
version/3.9.0rc4
version/4.*
version/4.0.3
version/4.1.0
version/4.1.1
version/4.1.2
version/4.1.3
version/4.2.2
version/4.2.3
version/4.3.2
version/4.5.1
version/4.5.2
version/4.5.5
version/5.*
version/5.0.0a0
version/5.0.0a10
version/5.0.0a11
version/5.0.0a12
version/5.0.0a13
version/5.0.0a14
version/5.0.0a15
version/5.0.0a16
version/5.0.0a17
version/5.0.0a18
version/5.0.0a19
version/5.0.0a2
version/5.0.0a20
version/5.0.0a21
version/5.0.0a22
version/5.0.0a23
version/5.0.0a24
version/5.0.0a25
version/5.0.0a26
version/5.0.0a28
version/5.0.0a29
version/5.0.0a3
version/5.0.0a30
version/5.0.0a31
version/5.0.0a32
version/5.0.0a33
version/5.0.0a34
version/5.0.0a35
version/5.0.0a36
version/5.0.0a38
version/5.0.0a39
version/5.0.0a4
version/5.0.0a40
version/5.0.0a41
version/5.0.0a42
version/5.0.0a43
version/5.0.0a44
version/5.0.0a46
version/5.0.0a47
version/5.0.0a5
version/5.0.0a6
version/5.0.0a7
version/5.0.0a8
version/5.0.0a9
version/5.0.0b1
version/5.0.0rc1
version/5.0.0rc10
version/5.0.0rc2
version/5.0.0rc3
version/5.0.0rc4
version/5.0.0rc5
version/5.0.0rc6
version/5.0.0rc7
version/5.0.0rc8
version/5.0.0rc9
version/5.0.0rc91

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-54445.json"