CVE-2026-44159
Default Admin Credentials in Tyler Identity Local
Publication date: 2026-05-19
Last updated on: 2026-05-19
Assigner: Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tyler_technologies | tyler_identity_local | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1392 | The product uses default credentials (such as passwords or cryptographic keys) for potentially critical functionality. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves Tyler Identity Local (TID-L) using documented, default administrative credentials that users are not required to change before deployment.
Because these default credentials are well-known and remain unchanged, attackers can potentially gain unauthorized administrative access to the system.
Additionally, TID-L has not been distributed since December 2020 and has not been supported since 2021.
How can this vulnerability impact me? :
The use of default administrative credentials can allow attackers to gain full administrative access without needing to bypass authentication.
This can lead to unauthorized control over the affected system, potentially resulting in data breaches, system manipulation, or disruption of services.
Given the high CVSS scores (9.3 v4.0 and 9.8 v3.1), the impact is severe, indicating critical confidentiality, integrity, and availability risks.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability arises because Tyler Identity Local (TID-L) uses documented, default administrative credentials that users are not required to change before deployment.
Immediate mitigation steps include changing the default administrative credentials before deploying the system to prevent unauthorized access.
Additionally, since TID-L has not been distributed since December 2020 and is no longer supported since 2021, consider discontinuing its use and migrating to supported and secure alternatives.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability involves the use of documented, default administrative credentials that are not required to be changed before deployment. Such a security weakness can lead to unauthorized access to sensitive systems and data.
Failure to change default credentials and the resulting potential for unauthorized access can negatively impact compliance with common standards and regulations such as GDPR and HIPAA, which mandate appropriate access controls and protection of sensitive data.