Use of hard-coded credentials in Apache Solr - CVE-2026-44825

Published: June 4, 2026


Vulnerability identifier: #VU133400
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2026-44825
CWE-ID: CWE-798
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Apache Foundation
Affected software:
Apache Solr

Detailed vulnerability description

The vulnerability allows a remote attacker to gain full administrative access to the cluster.

The vulnerability exists because the Basic Authentication setup tool (bin/solr auth enable) uses hard-coded credentials when bootstrapping BasicAuth. A remote attacker can authenticate with these publicly known default credentials and gain full administrative access to the cluster.

Only clusters where BasicAuth was bootstrapped using the tool are affected.
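An operator-side check for the condition described above, added here as an example and not taken from the advisory or from Apache Solr: it parses a Solr security.json and reports BasicAuth accounts whose stored hash matches a supplied list of candidate passwords. The hashing scheme is my reading of Solr's Sha256AuthenticationProvider and is an assumption to verify against your own file; the sample credentials are constructed and are not real defaults.

```python
# Added example (not from the advisory or the Solr project): audit a Solr
# security.json for BasicAuth accounts whose password is on a candidate list,
# e.g. the credentials a bootstrap tool is known to have used. Assumed hash
# scheme (Solr's Sha256AuthenticationProvider; verify against your own file):
#   stored = base64(sha256(sha256(salt || password))) + " " + base64(salt)
import base64
import hashlib
import json
import os


def solr_hash(password: str, salt_b64: str) -> str:
    """Hash a password the way Solr's BasicAuthPlugin stores it (assumed scheme)."""
    salt = base64.b64decode(salt_b64)
    first = hashlib.sha256(salt + password.encode("utf-8")).digest()
    return base64.b64encode(hashlib.sha256(first).digest()).decode("ascii")


def make_credential(password: str) -> str:
    """Build a security.json credential value with a fresh random salt."""
    salt_b64 = base64.b64encode(os.urandom(32)).decode("ascii")
    return f"{solr_hash(password, salt_b64)} {salt_b64}"


def find_weak_accounts(security_json: str, candidates: list) -> dict:
    """Map user -> matched candidate password for every BasicAuth account
    whose stored hash matches a candidate; {} if BasicAuth is not configured."""
    auth = json.loads(security_json).get("authentication", {})
    if auth.get("class") != "solr.BasicAuthPlugin":
        return {}
    hits = {}
    for user, stored in auth.get("credentials", {}).items():
        digest, _, salt_b64 = stored.partition(" ")
        for pw in candidates:
            if solr_hash(pw, salt_b64) == digest:
                hits[user] = pw
                break
    return hits


# Constructed sample cluster: one account with a guessable bootstrap-style
# password and one with a strong one. Values are illustrative, not real defaults.
SAMPLE_SECURITY_JSON = json.dumps({"authentication": {
    "class": "solr.BasicAuthPlugin",
    "credentials": {"solr": make_credential("SolrRocks"),
                    "ops": make_credential("correct horse battery staple 9f2a")},
}})
```

Run `find_weak_accounts(open("security.json").read(), candidates)` against the file from ZooKeeper or `$SOLR_HOME`; any account it returns should be rotated before the cluster is considered remediated.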


How to mitigate CVE-2026-44825

Install the security update from the vendor's website.

Sources