SB20260604102 - Use of hard-coded credentials in Apache Solr




Published: June 4, 2026

Security Bulletin ID: SB20260604102
CSH Severity: High
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High: 100%

Description

This security bulletin contains information about 1 vulnerability.


1) Use of hard-coded credentials (CVE-ID: CVE-2026-44825)

CWE-ID: CWE-798 - Use of Hard-coded Credentials

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to gain full administrative access to the cluster.

The vulnerability exists due to hardcoded credentials in the Basic Authentication setup tool (bin/solr auth enable) when bootstrapping BasicAuth. A remote attacker can authenticate with publicly known default credentials to gain full administrative access to the cluster.

Only clusters where BasicAuth was bootstrapped using the tool are affected.
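
One way to check whether a cluster's security.json still carries a bootstrap default, as an added example that is not part of this bulletin or of Apache Solr's code. It assumes BasicAuthPlugin stores each credential as base64(SHA-256(SHA-256(salt + password))) followed by a space and the base64 salt; the default password is a placeholder to be taken from the vendor advisory, and the sample file is constructed.

```python
import base64
import hashlib
import json

# Placeholder: the bulletin does not list the default credentials;
# take the real value(s) from the vendor advisory.
KNOWN_DEFAULTS = ["<default-password-from-vendor-advisory>"]

def solr_sha256(password, salt_b64):
    """Salted double SHA-256 (assumed BasicAuthPlugin storage scheme)."""
    salt = base64.b64decode(salt_b64, validate=True)
    inner = hashlib.sha256(salt + password.encode("utf-8")).digest()
    return base64.b64encode(hashlib.sha256(inner).digest()).decode("ascii")

def audit_security_json(text, known_defaults=KNOWN_DEFAULTS):
    """Return users whose stored hash matches a known default, plus
    entries that could not be parsed and need manual review."""
    report = {"default": [], "unparsed": []}
    auth = json.loads(text).get("authentication") or {}
    if not str(auth.get("class", "")).endswith("BasicAuthPlugin"):
        return report  # BasicAuth not in use: outside the bulletin's scope
    for user, stored in sorted((auth.get("credentials") or {}).items()):
        try:
            digest_b64, salt_b64 = str(stored).split()
            hit = any(solr_sha256(pw, salt_b64) == digest_b64
                      for pw in known_defaults)
        except ValueError:  # wrong field count or invalid base64
            report["unparsed"].append(user)
            continue
        if hit:
            report["default"].append(user)
    return report

def constructed_sample():
    """Constructed security.json: one default, one rotated, one malformed."""
    def entry(pw, salt):
        salt_b64 = base64.b64encode(salt).decode("ascii")
        return solr_sha256(pw, salt_b64) + " " + salt_b64
    return json.dumps({"authentication": {
        "class": "solr.BasicAuthPlugin",
        "blockUnknown": True,
        "credentials": {
            "admin": entry(KNOWN_DEFAULTS[0], b"constructed-salt-1"),
            "ops": entry("rotated-by-operator", b"constructed-salt-2"),
            "broken": "not-a-valid-entry",
        }}})

if __name__ == "__main__":
    print(audit_security_json(constructed_sample()))
```

Any user listed under "default" should have its password rotated even after the update is installed, since the stored hash does not change with the upgrade.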


Remediation

Install the update from the vendor's website.