CVE-2026-44159
Awaiting Analysis Awaiting Analysis - Queue
Default Admin Credentials in Tyler Identity Local

Publication date: 2026-05-19

Last updated on: 2026-05-19

Assigner: Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government

Description
Tyler Identity Local (TID-L) uses documented, default administrative credentials. Users are not required to change the credentials before deployment. TID-L has not been distributed since December 2020, and has not been supported since 2021.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-19
Last Modified
2026-05-19
Generated
2026-06-10
AI Q&A
2026-05-19
EPSS Evaluated
2026-06-08
NVD
CVE-2026-44159
EUVD
EUVD-2026-30937
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
tyler_technologies tyler_identity_local *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1392 The product uses default credentials (such as passwords or cryptographic keys) for potentially critical functionality.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves Tyler Identity Local (TID-L) using documented, default administrative credentials that users are not required to change before deployment.

Because these default credentials are well-known and remain unchanged, attackers can potentially gain unauthorized administrative access to the system.

Additionally, TID-L has not been distributed since December 2020 and has not been supported since 2021.

Impact Analysis

The use of default administrative credentials can allow attackers to gain full administrative access without needing to bypass authentication.

This can lead to unauthorized control over the affected system, potentially resulting in data breaches, system manipulation, or disruption of services.

Given the high CVSS scores (9.3 v4.0 and 9.8 v3.1), the impact is severe, indicating critical confidentiality, integrity, and availability risks.

Mitigation Strategies

The vulnerability arises because Tyler Identity Local (TID-L) uses documented, default administrative credentials that users are not required to change before deployment.

Immediate mitigation steps include changing the default administrative credentials before deploying the system to prevent unauthorized access.

Additionally, since TID-L has not been distributed since December 2020 and is no longer supported since 2021, consider discontinuing its use and migrating to supported and secure alternatives.

Compliance Impact

This vulnerability involves the use of documented, default administrative credentials that are not required to be changed before deployment. Such a security weakness can lead to unauthorized access to sensitive systems and data.

Failure to change default credentials and the resulting potential for unauthorized access can negatively impact compliance with common standards and regulations such as GDPR and HIPAA, which mandate appropriate access controls and protection of sensitive data.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-44159. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart