CVE-2026-44825

Published: Giu 01, 2026 Last Modified: Giu 01, 2026
ExploitDB:
Other exploit source:
Google Dorks:
HIGH 8,1
Source: [email protected]
Attack Vector: network
Attack Complexity: high
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high

Description

AI Translation Available

Hardcoded credentials in the Basic Authentication setup tool (bin/solr auth enable) in Apache Solr versions 9.4.0 through 9.10.1 and 10.0.0 allows a remote attacker to gain full administrative access to the cluster via publicly known default credentials installed silently alongside the user-specified account.

As an immediate workaround without upgrading, delete the template users (superadmin, admin, search, index) from security.json or change their passwords.
The future, not yet released, versions 9.11.0 and 10.1.0 will not be vulnerable, and it will be enough to upgrade to solve the issue.

Not affected:
* Clusters where bin/solr auth enable was not used to bootstrap BasicAuth
* Clusters where template users have been assigned strong passwords after bootstrap

798

Use of Hard-coded Credentials

Draft
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Access Control Integrity Confidentiality Availability Other
Potential Impacts:
Bypass Protection Mechanism Read Application Data Gain Privileges Or Assume Identity Execute Unauthorized Code Or Commands Other
Applicable Platforms
Technologies: Mobile, ICS/OT
Likelihood of Exploit: High
View CWE Details
1188

Initialization of a Resource with an Insecure Default

Incomplete
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Other
Potential Impacts:
Varies By Context
Applicable Platforms
All platforms may be affected
View CWE Details
http://www.openwall.com/lists/oss-security/2026/05/29/6
http://www.openwall.com/lists/oss-security/2026/05/29/6
https://lists.apache.org/thread/5xg6xr99glocp3zsg9ht2zlbwlr…
https://lists.apache.org/thread/5xg6xr99glocp3zsg9ht2zlbwlrst7ch