PT-2026-45073 · Apache · Apache Solr

Naveen Sunkavally · Published 2026-05-29 · Updated 2026-06-12 · CVE-2026-44825

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Apache Solr versions 9.4.0 through 9.10.1
Apache Solr version 10.0.0

Description

The Basic Authentication setup tool bin/solr auth enable contains hardcoded credentials. This allows a remote attacker to gain full administrative access to the cluster using publicly known default credentials that are installed silently alongside the account specified by the user.

Recommendations

For versions 9.4.0 through 9.10.1, upgrade to version 9.11.0. For version 10.0.0, upgrade to version 10.1.0. As a temporary workaround, delete the template users (superadmin, admin, search, index) from security.json or change their passwords.
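
To check a deployment against the workaround above, the following added example (not part of the advisory or of Solr) tests a version string against the affected ranges and lists any template users still present in a security.json. It assumes the usual layout where BasicAuthPlugin users sit under authentication.credentials and role mappings under authorization.user-role; the function names and the sample document are constructed for illustration.

```python
import json

# Template accounts named in the advisory's workaround.
TEMPLATE_USERS = ("superadmin", "admin", "search", "index")

def parse_version(text):
    """'9.10.1' -> (9, 10, 1); missing components are padded with zeros."""
    parts = [int(p) for p in text.strip().split(".")[:3]]
    return tuple(parts + [0] * (3 - len(parts)))

def is_affected(version):
    """True for the ranges the advisory lists: 9.4.0 through 9.10.1, and 10.0.0."""
    v = parse_version(version)
    return (9, 4, 0) <= v <= (9, 10, 1) or v == (10, 0, 0)

def template_user_findings(security_json_text):
    """Return {user: [sections where it still appears]} for the template accounts.

    Presence alone does not show whether the password was changed, so every
    hit needs either removal or a confirmed password rotation.
    """
    doc = json.loads(security_json_text)
    creds = doc.get("authentication", {}).get("credentials", {})
    roles = doc.get("authorization", {}).get("user-role", {})
    findings = {}
    for user in TEMPLATE_USERS:
        where = [name for name, section in
                 (("authentication.credentials", creds),
                  ("authorization.user-role", roles)) if user in section]
        if where:
            findings[user] = where
    return findings

# Constructed sample: one operator account plus leftover template entries.
# Credential values are placeholders, not real hashes.
SAMPLE = json.dumps({
    "authentication": {"class": "solr.BasicAuthPlugin", "credentials": {
        "ops-admin": "PLACEHOLDER_HASH PLACEHOLDER_SALT",
        "superadmin": "PLACEHOLDER_HASH PLACEHOLDER_SALT",
        "admin": "PLACEHOLDER_HASH PLACEHOLDER_SALT",
        "search": "PLACEHOLDER_HASH PLACEHOLDER_SALT"}},
    "authorization": {"class": "solr.RuleBasedAuthorizationPlugin", "user-role": {
        "ops-admin": ["admin"], "superadmin": ["superadmin"], "index": ["index"]}},
})

if __name__ == "__main__":
    print("9.10.1 affected:", is_affected("9.10.1"))
    for user, where in template_user_findings(SAMPLE).items():
        print(f"template user {user!r} present in: {', '.join(where)}")
```

A template user that appears only under authorization.user-role has no login but indicates an incomplete cleanup; remove the mapping as well.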

Fix

Using Hardcoded Credentials

Weakness Enumeration

Related Identifiers

BIT-SOLR-2026-44825
CVE-2026-44825

Affected Products

Apache Solr