Weak Default Credentials in Vantage6 Open-Source Infrastructure
CVE-2026-54445

6.9 MEDIUM

Key Information:

Vendor

Vantage6

Status
Vendor
CVE Published: 17 June 2026

What is CVE-2026-54445?

Vantage6, an open-source infrastructure for privacy-preserving analysis, ships with weak default credentials in versions prior to 5.0.0. These versions come pre-configured with the username 'root' and the password 'root', which poses a significant risk because these defaults are widely known. Attackers can potentially exploit these weak credentials to gain administrative access. The flaw allows unauthorized control if system administrators neglect to change the default password after the initial setup. As a security measure, users are advised to delete the 'root' user account as soon as a new user is established. The issue is resolved in version 5.0.0, and upgrading is strongly recommended for all users.

Affected Version(s)

vantage6 < 5.0.0

CVSS V4

Score: 6.9
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved