PT-2026-50569 · Pypi+1 · Vantage6

Published 2026-06-05 · Updated 2026-06-17 · CVE-2026-54445

CVSS v4.0: 6.9 Medium

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

vantage6 versions prior to 5.0.0

Description

An open-source infrastructure for privacy preserving analysis provides an initial user with the username root and password root. This configuration is insecure as attackers are aware that most servers possess a root user with administrative privileges, and the default password is weak and may not be reset by administrators.

Recommendations

Update to version 5.0.0. As a temporary workaround, delete the root user after it has been used to create other users.

Related Identifiers

CVE-2026-54445
GHSA-FGMC-2HQJ-86V4

Affected Products

Vantage6