CVE-2026-54445
MediumCVSS 6.9Exploitation Probability (EPSS)
Low risk21th percentile — higher than 21% of all known CVEs
Summary
In versions prior to 5.0.0 of the vantage6 software, the default user `root` with the password `root` poses a significant security risk. Attackers can easily gain access to the system as many vantage6 servers have this user with admin rights.
Risk Assessment
Organizations may be exposed to unauthorized access and potential data breaches if default login credentials are not changed. This can lead to serious consequences, including data loss and reputational damage.
Recommendation
It is recommended to upgrade to version 5.0.0 or to delete the `root` user after creating other users. Additionally, ensure that all default passwords are changed to stronger ones.
Original NVD description (English source)
vantage6 is an open-source infrastructure for privacy preserving analysis. Versions prior to 5.0.0 provide an initial user with username `root` and password `root`. This is not ideal because attackers know that almost all vantage6 servers have a user with username `root` that probably has admin rights, and the initial password is very weak and it is possible that administrators forget to reset it. Version 5.0.0 fixes the issue. As a workaround, it is possible to delete the `root` user after it has been used to create other users.

