PT-2026-55288 · Unknown · Auto Bangumi

George Chen · Published 2026-07-02 · Updated 2026-07-02 · CVE-2026-58466

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

AutoBangumi versions prior to 3.2.8

Description

An issue exists where hard-coded default credentials are seeded at startup via the add_default_user() function in the database user module when the users table is empty. This allows unauthenticated attackers to authenticate as the administrator by submitting these credentials to the authentication login endpoint. Successful exploitation grants full control of the application, including the downloader configuration, RSS feed configuration, and all authenticated API endpoints.

Recommendations

Update to version 3.2.8 or later.
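
The seeding pattern described above, shown beside a hardened form and an audit check, as an added example that is not AutoBangumi's code. The table schema, function names and the placeholder credential are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets
import sqlite3

# Constructed placeholder, NOT the real default credential of any product.
PLACEHOLDER_DEFAULT = ("admin", "example-default-password")

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def init_db() -> sqlite3.Connection:
    # Hypothetical minimal users table, in memory so the example runs offline.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, salt BLOB, "
               "pw BLOB, must_change INTEGER)")
    return db

def _insert(db, username, password, must_change):
    salt = secrets.token_bytes(16)
    db.execute("INSERT INTO users VALUES (?, ?, ?, ?)",
               (username, salt, _hash(password, salt), must_change))

def seed_weak(db):
    """Weak pattern: a fixed, publicly known credential when the table is empty."""
    if db.execute("SELECT COUNT(*) FROM users").fetchone()[0] == 0:
        _insert(db, *PLACEHOLDER_DEFAULT, 0)

def seed_hardened(db):
    """Hardened pattern: per-install random password, shown once, change forced."""
    if db.execute("SELECT COUNT(*) FROM users").fetchone()[0] != 0:
        return None  # never re-seed over existing accounts
    password = secrets.token_urlsafe(18)
    _insert(db, "admin", password, 1)
    return password  # hand to the operator once; do not log or persist it

def verify(db, username, password) -> bool:
    row = db.execute("SELECT salt, pw FROM users WHERE username = ?",
                     (username,)).fetchone()
    return bool(row) and hmac.compare_digest(row[1], _hash(password, row[0]))

def default_still_valid(db) -> bool:
    """Audit check: does the known default credential still authenticate?"""
    return verify(db, *PLACEHOLDER_DEFAULT)
```

An operator can run a check like `default_still_valid` against their own instance after upgrading, since an account seeded before the fix may still carry the old password.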

Fix

Weakness Enumeration

Related Identifiers

CVE-2026-58466

Affected Products

Auto Bangumi