High-Severity Flaws Expose Harbor to Default-Password Access and N2WS to RCE
Two high-severity vulnerabilities were disclosed affecting widely used infrastructure software. GoHarbor Harbor is affected by CVE-2026-4404, a hard-coded/default credential issue in versions 2.15.0 and earlier that lets an attacker authenticate to the Harbor web UI with the default administrator password if it was never changed after installation. The published scoring indicates the flaw is network-accessible, requires no privileges or user interaction, and can lead to high confidentiality and integrity impact.
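A quick way to triage a Harbor deployment against the condition above is to read the version from the unauthenticated `/api/v2.0/systeminfo` endpoint and then test whether the built-in `admin` account still accepts Harbor's documented default password (`Harbor12345`, the `harbor_admin_password` default in `harbor.yml`) by calling `/api/v2.0/users/current` with HTTP basic auth. The script below is an added example written for this page, not code from the Harbor project or from the CVE record; the base URL and the `2.15.0` cut-off follow the advisory text, and the version-string formats it tolerates (`v2.15.0`, `2.14.1-something`) are assumptions.

```python
"""Triage a Harbor instance for the CVE-2026-4404 conditions:
an affected version (2.15.0 or earlier) and an admin account that
still accepts the default password.  Added example, not Harbor code."""
import base64
import json
import re
import sys
import urllib.error
import urllib.request

# Harbor's documented default admin password (harbor.yml: harbor_admin_password).
DEFAULT_ADMIN_PASSWORD = "Harbor12345"
# Last affected release per the CVE description ("2.15.0 and earlier").
LAST_AFFECTED_VERSION = (2, 15, 0)


def parse_version(raw: str) -> tuple:
    """Turn 'v2.15.0' or '2.14.1-abc' into a comparable (major, minor, patch) tuple."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", raw.strip())
    if not m:
        raise ValueError(f"unrecognised Harbor version string: {raw!r}")
    return tuple(int(x) for x in m.groups())


def is_affected_version(raw: str) -> bool:
    """True when the reported version is 2.15.0 or earlier."""
    return parse_version(raw) <= LAST_AFFECTED_VERSION


def basic_auth_header(user: str, password: str) -> str:
    """RFC 7617 basic-auth header value for user:password."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return f"Basic {token}"


def fetch_json(url: str, headers=None, timeout: int = 10):
    """GET url and return (status, parsed JSON body). Raises HTTPError on 4xx/5xx."""
    req = urllib.request.Request(url, headers=headers or {})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.status, json.loads(resp.read().decode())


def harbor_version(base_url: str) -> str:
    """Read harbor_version from the unauthenticated systeminfo endpoint."""
    _, info = fetch_json(f"{base_url.rstrip('/')}/api/v2.0/systeminfo")
    return info.get("harbor_version", "")


def default_admin_accepted(base_url: str, password: str = DEFAULT_ADMIN_PASSWORD) -> bool:
    """True if /api/v2.0/users/current answers 200 for admin with the given password."""
    url = f"{base_url.rstrip('/')}/api/v2.0/users/current"
    hdrs = {"Authorization": basic_auth_header("admin", password)}
    try:
        status, _ = fetch_json(url, hdrs)
        return status == 200
    except urllib.error.HTTPError as e:
        if e.code in (401, 403):  # credentials rejected: not vulnerable to this check
            return False
        raise  # anything else (proxy, 5xx) is an error, not a verdict


def main(argv):
    if len(argv) != 2:
        print(f"usage: {argv[0]} https://harbor.example.internal", file=sys.stderr)
        return 2
    base = argv[1]
    ver = harbor_version(base)
    print(f"harbor_version: {ver or '<unknown>'}")
    if ver and is_affected_version(ver):
        print("version is within the affected range (<= 2.15.0); upgrade recommended")
    if default_admin_accepted(base):
        print("FAIL: admin still accepts the default password; change it immediately")
        return 1
    print("default admin password rejected")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it only against registries you are authorised to test; a `200` from `/users/current` is a confirmed default-credential login, not a heuristic. Note that an unchanged default password is exploitable regardless of version, so the version gate is only there to prioritise the upgrade, never to skip the credential check.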
N2WS Backup & Recovery is affected by CVE-2025-32991, which impacts versions before 4.4.0 and can lead to remote code execution through a two-step attack against the product’s RESTful API. The CVSS v3.1 vector rates the issue as remotely exploitable with no required privileges or user interaction, despite high attack complexity, and assigns high impact across confidentiality, integrity, and availability. The CVE entry was updated with links to an N2WS security advisory and vendor resources.
Timeline
Mar 25, 2026
CVE-2025-32991 updated with CVSS, CWE, and advisory references
The CVE-2025-32991 record was updated to add a CVSS v3.1 vector, classify the issue as CWE-362, and include references to an N2WS security advisory update and the N2WS website.
Mar 25, 2026
CVE-2025-32991 disclosed for N2WS Backup & Recovery RCE
A CVE entry for CVE-2025-32991 was received for N2WS Backup & Recovery versions before 4.4.0, describing a two-step attack against the product's RESTful API that can result in remote code execution.
Mar 23, 2026
CVE-2026-4404 record updated with CVSS and CWE details
Later the same day, the CVE-2026-4404 record was modified to add CVSS v3.1 scoring and CWE mappings, characterizing the flaw as network-accessible, low complexity, and requiring no privileges or user interaction.
Mar 23, 2026
CVE-2026-4404 published for Harbor default admin password issue
A new CVE, CVE-2026-4404, was published for GoHarbor Harbor 2.15.0 and earlier, describing a hard-coded/default credential weakness that allows authentication to the Harbor web UI if the default administrator password was not changed.
Related Stories

Hard-Coded Credentials Flaw in GoHarbor Harbor Triggers Patch Warning
CERT/CC published advisory `VU#577436` for a hard-coded credentials vulnerability in **GoHarbor Harbor**, identifying a security flaw that could expose deployments using the container registry platform. The issue was classified as a vulnerability in Harbor itself, with the advisory highlighting the presence of embedded credentials that could undermine authentication controls and increase the risk of unauthorized access. Belgium's Center for Cybersecurity (CCB) later issued a public warning describing the GoHarbor Harbor issue as **critical** and urging organizations to patch immediately. The alert signals elevated concern for enterprises that rely on Harbor to store and manage container images, as unremediated systems could be at risk if attackers are able to leverage the hard-coded credentials vulnerability.
1 month ago
Multiple High-Impact Vulnerabilities Disclosed Across Diverse Software Platforms
A series of critical and high-severity vulnerabilities have been disclosed affecting a wide range of software products, including workflow automation tools, web applications, network devices, and desktop software. Notable issues include remote code execution (RCE) flaws in *n8n*, *Lilac-Reloaded for Nagios*, *FileZilla Client*, and *AVideo*, as well as privilege escalation vulnerabilities in products like *Versa SASE Client*, *AspEmail*, and *ActFax*. Several vulnerabilities allow unauthenticated attackers to upload arbitrary files, bypass authentication, or exploit weak session management, potentially leading to full system compromise or unauthorized access to sensitive data. Many of these vulnerabilities have public exploits available, increasing the risk of active exploitation in the wild. Vendors have released patches for several of the affected products, and administrators are strongly advised to update to the latest versions or apply recommended mitigations. The vulnerabilities span a variety of attack vectors, including buffer overflows, improper input validation, insecure file upload mechanisms, and misconfigured authentication endpoints. Organizations should prioritize patching systems exposed to the internet and review access controls to limit the impact of potential exploitation. Immediate attention is warranted for products with critical CVSS scores and those with known public exploits.
1 month ago
TWCERT/CC Discloses Critical Injection Flaws in NewSoftOA and Sunnet CTMS
TWCERT/CC published advisories for two high-severity enterprise software vulnerabilities that could let attackers compromise backend systems and data. **CVE-2026-5965** affects **NewSoftOA** from NewSoft and is an **OS command injection** flaw (`CWE-78`) that allows **unauthenticated remote attackers** to execute arbitrary operating system commands on the server. The issue carries a `CVSS v3.1` score with vector `AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H`, indicating low-complexity network exploitation with high impact across confidentiality, integrity, and availability. A second advisory, **CVE-2026-7489**, affects **Sunnet CTMS** and describes a **SQL injection** vulnerability (`CWE-89`) that allows **authenticated remote attackers** to run arbitrary SQL commands against the application database. Successful exploitation could enable reading, modifying, and deleting database contents, with a `CVSS v3.1` vector of `AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H`. Both vulnerabilities were published with English and Chinese references by TWCERT/CC, underscoring continued exposure in internet-reachable business applications to injection attacks that can lead to full server compromise or severe database manipulation.
4 days ago