CVE-2026-58466

Source
https://cve.org/CVERecord?id=CVE-2026-58466
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-58466.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-58466
Published
2026-07-02T19:56:47.347Z
Modified
2026-07-16T03:31:15.882589081Z
Severity
  • 9.3 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator
Summary
AutoBangumi < 3.2.8 - Hard-coded Default Credentials via add_default_user()
Details

AutoBangumi before 3.2.8 contains a hard-coded default credentials vulnerability that allows unauthenticated attackers to authenticate as the administrator by using the publicly known default credentials seeded at startup via adddefaultuser() in the database user module when the users table is empty. Attackers can submit the default credentials to the authentication login endpoint to gain full control of the application, including RSS feed configuration, downloader configuration, and all authenticated API endpoints.

Database specific
{
    "cwe_ids": [
        "CWE-1392"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/58xxx/CVE-2026-58466.json",
    "cna_assigner": "VulnCheck"
}
References

Affected packages

Git / github.com/estrellaxd/auto_bangumi

Affected ranges

Type
GIT
Repo
https://github.com/estrellaxd/auto_bangumi
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed
Database specific
{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.2.8"
        }
    ],
    "source": [
        "DESCRIPTION",
        "REFERENCES"
    ]
}

Affected versions

2.*
2.3.1
2.3.3
2.3.4
2.3.5
2.4.0
2.4.3
2.4.5
2.4.7
2.5.0
2.5.10
2.5.11
2.5.12
2.5.13
2.5.14
2.5.15
2.5.16
2.5.17
2.5.18
2.5.19
2.5.2
2.5.20
2.5.21
2.5.21-2
2.5.21-3
2.5.21-4
2.5.21-5
2.5.22
2.5.23
2.5.24
2.5.25
2.5.25-fix
2.5.3
2.5.6
2.5.7
2.5.7-1
2.5.7-2
2.5.8
2.5.9
2.6.0
2.6.1
2.6.10
2.6.2
2.6.3
2.6.4
2.6.5
2.6.5-fix
2.6.6
2.6.7
2.6.8
2.6.9
3.*
3.0
3.0.0
3.0.1
3.0.10
3.0.11
3.0.12
3.0.2
3.0.3
3.0.4
3.0.5
3.0.6
3.0.7
3.0.8
3.0.9
3.1.0
3.1.1
3.1.10
3.1.11
3.1.12
3.1.13
3.1.14
3.1.15
3.1.16
3.1.17
3.1.18
3.1.2
3.1.3
3.1.4
3.1.5
3.1.6
3.1.6-fix
3.1.7
3.1.8
3.1.9
3.2.0
3.2.1
3.2.2
3.2.3
3.2.3-beta.1
3.2.4
3.2.5
3.2.6
Other
stable

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-58466.json"