Nixpkgs security tracker

Permalink CVE-2026-4404

9.4 CRITICAL

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): LOW

created 3 weeks, 5 days ago

Use of hard coded credentials in GoHarbor Harbor

Use of hard coded credentials in GoHarbor Harbor version 2.15.0 and below, allows attackers to use the default password and gain access to the web UI.

References

Affected products

Harbor

=<2.15.0

Matching in nixpkgs

pkgs.harbor-cli

Command-line tool facilitates seamless interaction with the Harbor container registry

nixos-unstable 0.0.18
- nixpkgs-unstable 0.0.18
- nixos-unstable-small 0.0.18
nixos-25.11 0.0.14
- nixos-25.11-small 0.0.14
- nixpkgs-25.11-darwin 0.0.14

pkgs.terraform-providers.harbor

None

nixos-unstable 3.11.3
- nixpkgs-unstable 3.11.3
- nixos-unstable-small 3.11.3
nixos-25.11 3.11.2
- nixos-25.11-small 3.11.2
- nixpkgs-25.11-darwin 3.11.2

pkgs.terraform-providers.goharbor_harbor