CVE Catalog

CVE-2026-54445

MediumCVSS 6.9
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.29%

21th percentile — higher than 21% of all known CVEs

Summary

In versions prior to 5.0.0 of the vantage6 software, the default user `root` with the password `root` poses a significant security risk. Attackers can easily gain access to the system as many vantage6 servers have this user with admin rights.

Risk Assessment

Organizations may be exposed to unauthorized access and potential data breaches if default login credentials are not changed. This can lead to serious consequences, including data loss and reputational damage.

Recommendation

It is recommended to upgrade to version 5.0.0 or to delete the `root` user after creating other users. Additionally, ensure that all default passwords are changed to stronger ones.

Original NVD description (English source)

vantage6 is an open-source infrastructure for privacy preserving analysis. Versions prior to 5.0.0 provide an initial user with username `root` and password `root`. This is not ideal because attackers know that almost all vantage6 servers have a user with username `root` that probably has admin rights, and the initial password is very weak and it is possible that administrators forget to reset it. Version 5.0.0 fixes the issue. As a workaround, it is possible to delete the `root` user after it has been used to create other users.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS