CVE-2026-54445— Vantage6: Set admin user and password from environment or configuration
Possible ATT&CK Techniques 1AI
T1078 · Valid AccountsGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-54445
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Vantage6: Set admin user and password from environment or configuration
Source: NVD (National Vulnerability Database)
Vulnerability Description
vantage6 is an open-source infrastructure for privacy preserving analysis. Versions prior to 5.0.0 provide an initial user with username `root` and password `root`. This is not ideal because attackers know that almost all vantage6 servers have a user with username `root` that probably has admin rights, and the initial password is very weak and it is possible that administrators forget to reset it. Version 5.0.0 fixes the issue. As a workaround, it is possible to delete the `root` user after it has been used to create other users.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
响应差异性信息暴露
Source: NVD (National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-54445
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-54445
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-54445 (2)
Same Patch Batch · vantage6 · 2026-06-17 · 4 CVEs total
| CVE-2026-54533 | vantage6 node has an Improper Access Control issue | |
| CVE-2024-24769 | Vantage6: No limit on emails sent for password/MFA reset | |
| CVE-2024-27928 | Vantage6: 2FA can be circumvented with hacked email access |
IV. Related Vulnerabilities
Same product: vantage6
- CVE-2026-54533
vantage6 node has an Improper Access Control issue - CVE-2024-27928
Vantage6: 2FA can be circumvented with hacked email access - CVE-2024-24769
Vantage6: No limit on emails sent for password/MFA reset - CVE-2025-43866
Vantage6 Server JWT secret not cryptographically secure - CVE-2025-43863
vantage6 lacks brute-force protection on change password fun
Same vendor: vantage6
- CVE-2026-54533
vantage6 node has an Improper Access Control issue - CVE-2024-27928
Vantage6: 2FA can be circumvented with hacked email access - CVE-2024-24769
Vantage6: No limit on emails sent for password/MFA reset - CVE-2025-43866
Vantage6 Server JWT secret not cryptographically secure - CVE-2025-43863
vantage6 lacks brute-force protection on change password fun
Same weakness: CWE-204
- CVE-2026-43926
FOSSBilling's password reset confirmation endpoint lacks rat - CVE-2026-45620
AVideo CVE-2026-43881 incomplete fix - `objects/mention.json - CVE-2018-25350
userSpice 4.3.24 Username Enumeration via existingUsernameCh - CVE-2026-44306
Statamic: Email enumeration via forgot password endpoint - CVE-2024-0391
Username Enumeration via Email OTP Flow in Multiple WSO2 Pro
V. Comments for CVE-2026-54445
No comments yet