Hard-Coded Default Credentials Vulnerability in AutoBangumi by EstrellaXD
CVE-2026-58466
9.3 CRITICAL
What is CVE-2026-58466?
AutoBangumi versions prior to 3.2.8 are susceptible to a vulnerability that allows unauthenticated attackers to access the application as an administrator using hard-coded default credentials. This occurs when the users table is empty and the add_default_user() function seeds these credentials at startup. Attackers can exploit this flaw to gain complete control over the application, compromising crucial settings such as RSS feed and downloader configurations, as well as accessing all authenticated API endpoints.
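The seeding pattern described above, next to one hardened alternative, as an added sketch that is not AutoBangumi's own code and not necessarily how 3.2.8 fixes the issue. The table schema, the function names and the placeholder credential values are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import sqlite3

# Constructed placeholders: the real default values are not given on this page.
PLACEHOLDER_USER = "admin"
PLACEHOLDER_PASSWORD = "<hard-coded-default>"

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def open_db() -> sqlite3.Connection:
    """Fresh install: the users table exists but is empty (hypothetical schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, "
                 "pw_hash BLOB, must_change INTEGER)")
    return conn

def _users_empty(conn) -> bool:
    return conn.execute("SELECT COUNT(*) FROM users").fetchone()[0] == 0

def _insert(conn, name: str, password: str, must_change: bool) -> None:
    salt = secrets.token_bytes(16)
    conn.execute("INSERT INTO users VALUES (?, ?, ?, ?)",
                 (name, salt, _hash(password, salt), int(must_change)))

def seed_weak(conn) -> None:
    """Pattern from the advisory: empty table -> same known credentials everywhere."""
    if _users_empty(conn):
        _insert(conn, PLACEHOLDER_USER, PLACEHOLDER_PASSWORD, False)

def seed_hardened(conn):
    """Empty table -> per-install random password, returned once for the operator."""
    if not _users_empty(conn):
        return None  # never re-seed over existing accounts
    password = secrets.token_urlsafe(24)
    _insert(conn, PLACEHOLDER_USER, password, True)  # force change at first login
    return password

def login(conn, name: str, password: str) -> bool:
    row = conn.execute("SELECT salt, pw_hash FROM users WHERE name = ?",
                       (name,)).fetchone()
    if row is None:
        return False
    return hmac.compare_digest(row[1], _hash(password, row[0]))
```

With `seed_weak`, anyone who knows the shipped constant can log in to a fresh instance; with `seed_hardened`, the initial secret differs per install and is only shown to whoever can read the startup output.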
Affected Version(s)
Auto_Bangumi 0 < 3.2.8
