Hard-Coded Credentials Flaw in GoHarbor Harbor Triggers Patch Warning
CERT/CC published advisory VU#577436 for a hard-coded credentials vulnerability in GoHarbor Harbor, identifying a security flaw that could expose deployments using the container registry platform. The issue was classified as a vulnerability in Harbor itself, with the advisory highlighting the presence of embedded credentials that could undermine authentication controls and increase the risk of unauthorized access.
Belgium's Center for Cybersecurity (CCB) later issued a public warning describing the GoHarbor Harbor issue as critical and urging organizations to patch immediately. The alert signals elevated concern for enterprises that rely on Harbor to store and manage container images, as unremediated systems could be at risk if attackers are able to leverage the hard-coded credentials vulnerability.
Timeline
Mar 25, 2026
Belgium CCB warns of critical Harbor vulnerability and urges immediate patching
The Centre for Cybersecurity Belgium issued an advisory warning about a critical vulnerability in GoHarbor Harbor and told organizations to patch immediately. This reflects official follow-on guidance and response activity around the disclosed flaw.
Dec 16, 2025
CERT/CC publishes VU#577436 for Harbor hard-coded credentials flaw
CERT/CC published vulnerability note VU#577436 describing a hard-coded credentials vulnerability affecting GoHarbor's Harbor product. This marks the public disclosure of the issue in the provided references.
Related Stories

High-Severity Flaws Expose Harbor to Default-Password Access and N2WS to RCE
Two high-severity vulnerabilities were disclosed affecting widely used infrastructure software. **GoHarbor Harbor** is affected by `CVE-2026-4404`, a hard-coded/default credential issue in version `2.15.0` and below that can let attackers authenticate to the Harbor web UI with the default administrator password if it was never changed. The published scoring indicates the flaw is network-accessible, requires no privileges or user interaction, and can lead to high confidentiality and integrity impact. **N2WS Backup & Recovery** is affected by `CVE-2025-32991`, which impacts versions before `4.4.0` and can lead to remote code execution through a two-step attack against the product’s RESTful API. The CVSS v3.1 vector rates the issue as remotely exploitable with no required privileges or user interaction, despite high attack complexity, and assigns high impact across confidentiality, integrity, and availability. The CVE entry was updated with links to an N2WS security advisory and vendor resources.
1 month ago
Critical Authentication Bypass in Hirschmann HiOS and HiSecOS Grants Admin Access
Hirschmann disclosed a critical vulnerability, tracked as **`CVE-2018-25236`**, in the HTTP(S) management module of multiple **HiOS** and **HiSecOS** product lines, including **RSP, RSPE, RSPS, RSPL, MSP, EES, EESX, GRS, OS, RED, and EAGLE**. The flaw allows an unauthenticated remote attacker to send specially crafted HTTP requests and gain administrative access to affected devices without valid credentials. The issue stems from improper authentication handling that can cause a new request to inherit the authentication state and privileges of a previously authenticated user. Belgium's Centre for Cybersecurity (CCB) issued a warning describing the bug as critical and urged organizations using affected Hirschmann industrial networking products to patch immediately to prevent unauthorized takeover of device management interfaces.
4 weeks ago
Mass Exposure of Live Credentials in Public Docker Hub Images
Security researchers at Flare have discovered that over 10,000 public Docker Hub container images are leaking sensitive secrets, including live credentials for production systems, cloud services, CI/CD pipelines, and AI platforms. The exposed data affects more than 100 organizations, ranging from small businesses to a Fortune 500 company and a major national bank. Many of these secrets are not placeholders but active credentials, with nearly 4,000 API keys for large language models such as OpenAI, HuggingFace, Anthropic, Gemini, and Groq found in the wild. In some cases, a single image contained five or more exposed secrets, significantly increasing the risk of unauthorized access to critical infrastructure. The leaks are often the result of developers inadvertently including sensitive files and hard-coded keys in Docker images, which are then published to public repositories. A notable portion of the exposed secrets comes from "shadow IT" accounts—personal or team Docker Hub registries outside formal corporate oversight—making them difficult for organizations to monitor and secure. The majority of affected organizations are in the software development sector, but the exposure also impacts finance, banking, and AI companies. This incident highlights the urgent need for improved security hygiene and automated scanning in the container development lifecycle to prevent inadvertent credential leaks.
1 month ago
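The Docker Hub story above ends by calling for automated scanning in the container build lifecycle. The following is an added, defender-side illustration of that idea; it is not Flare's tooling nor anything from the page. It scans a `docker save` style archive layer by layer for sensitive file names and common secret formats. The archive it scans is constructed in-memory with placeholder values (the AWS key is the documented `AKIAIOSFODNN7EXAMPLE` placeholder), and the patterns, file list and function names are this example's own choices, not an established scanner's. The point it makes that the text does not: a secret committed in one layer and deleted in a later one (a `.wh.` whiteout) is still shipped in the earlier layer, so every layer must be scanned, not just the final filesystem.

```python
import io
import re
import tarfile

MAX_BYTES = 1024 * 1024  # scan at most 1 MiB per file to bound memory use

# Regexes for common secret formats (constructed for this example; extend for real use)
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(rb"AKIA[0-9A-Z]{16}"),
    "private_key_block": re.compile(rb"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "assigned_secret": re.compile(
        rb"(?i)(?:api[_-]?key|secret|token|password)\s*[=:]\s*['\"]?[A-Za-z0-9_\-]{20,}"
    ),
}
# File names that should normally never ship inside an image (example list, not exhaustive)
SENSITIVE_FILES = (".env", "id_rsa", "id_ed25519", ".aws/credentials", ".npmrc", ".docker/config.json")


def scan_file(layer, path, data):
    """Return a list of (layer, path, kind) findings for one file inside one layer."""
    findings = []
    if path.endswith(SENSITIVE_FILES):
        findings.append((layer, path, "sensitive_filename"))
    for kind, rx in SECRET_PATTERNS.items():
        if rx.search(data):
            findings.append((layer, path, kind))
    return findings


def scan_image_archive(archive):
    """Scan a `docker save` style archive (bytes) and return all findings.

    Each layer tar is scanned independently: a secret written in one layer and
    removed by a whiteout in a later layer is still present in the earlier layer
    and therefore still obtainable by anyone who can pull the image.
    """
    findings = []
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:*") as outer:
        for member in outer.getmembers():
            if not member.isfile():
                continue
            blob = outer.extractfile(member).read()
            try:
                layer = tarfile.open(fileobj=io.BytesIO(blob), mode="r:*")
            except tarfile.ReadError:
                continue  # manifest.json, config JSON and similar blobs are not layers
            with layer:
                for entry in layer.getmembers():
                    if not entry.isfile():
                        continue
                    # Whiteouts only mark a deletion; the deleted content lives in an earlier layer
                    if entry.name.rsplit("/", 1)[-1].startswith(".wh."):
                        continue
                    data = layer.extractfile(entry).read(MAX_BYTES)
                    findings.extend(scan_file(member.name, entry.name, data))
    return findings


def _tar_bytes(files):
    """Build an uncompressed tar (bytes) from a {path: bytes} mapping."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for path, content in files.items():
            info = tarfile.TarInfo(name=path)
            info.size = len(content)
            tar.addfile(info, io.BytesIO(content))
    return buf.getvalue()


def build_sample_image():
    """Constructed two-layer image archive; every value is a placeholder, not a real secret."""
    layer1 = _tar_bytes({
        "app/main.py": b"print('hello')\n",
        "app/.env": b"API_TOKEN=constructed0123456789abcdefghij\n",
        "root/.aws/credentials": b"[default]\naws_access_key_id = AKIAIOSFODNN7EXAMPLE\n",
    })
    # The second layer "deletes" app/.env with a whiteout, yet layer1 still carries it.
    layer2 = _tar_bytes({
        "app/.wh..env": b"",
        "home/app/id_rsa": b"-----BEGIN RSA PRIVATE KEY-----\nconstructed\n-----END RSA PRIVATE KEY-----\n",
    })
    manifest = b'[{"Config":"cfg.json","Layers":["l1/layer.tar","l2/layer.tar"]}]'
    return _tar_bytes({
        "manifest.json": manifest,
        "cfg.json": b"{}",
        "l1/layer.tar": layer1,
        "l2/layer.tar": layer2,
    })


if __name__ == "__main__":
    for layer, path, kind in scan_image_archive(build_sample_image()):
        print(f"{layer}\t{path}\t{kind}")
```

Run against a real image with `docker save <image> | python3 scan.py` after swapping `build_sample_image()` for `sys.stdin.buffer.read()`; a CI gate that fails the build on any finding is the cheapest place to stop a leaked credential before it reaches a public registry.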