Basic Authentication Flaw in Apache Solr Affects User Security
CVE-2026-44825

8.1HIGH

Key Information:

Vendor: Apache
Status: Apache Solr
Vendor: CVE Published:; 1 June 2026

What is CVE-2026-44825?

A vulnerability in Apache Solr allows for remote unauthorized access due to hardcoded default credentials in the Basic Authentication setup tool. Versions 9.4.0 through 9.10.1 and 10.0.0 are particularly exposed, as attackers can leverage these known credentials to gain full control over the Solr cluster. To mitigate risk, it's critical to either remove the vulnerable template users from the security.json file or change their passwords. Future versions, 9.11.0 and 10.1.0, are expected to address this flaw. Clusters not using the BasicAuth bootstrap method or those with strong passwords set for template users are not affected.

Affected Version(s)

Apache Solr 9.4.0 <= 9.10.1

Apache Solr 10.0.0

References

https://lists.apache.org/thread/5xg6xr99glocp3zsg9ht2zlbw...

vendor-advisory

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 1, 2026
Vulnerability Reserved
May 7, 2026

Credit

Naveen Sunkavally, Horizon3.ai

CVE-2026-44825 Data

JSON