CVE-2026-44825
Hard-Coded Credentials in Apache Solr Authentication Tool
Publication date: 2026-06-01
Last updated on: 2026-06-01
Assigner: Apache Software Foundation
Description
EPSS Scores
| EPSS | Value |
|---|---|
| Probability | |
| Percentile | |
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apache | solr | From 9.4.0 (inc) to 9.10.1 (inc) |
| apache | solr | 10.0.0 |
| apache | solr | to 9.11.0 (exc) |
| apache | solr | to 10.1.0 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1188 | The product initializes or sets a resource with a default that is intended to be changed by the product's installer, administrator, or maintainer, but the default is not secure. |
| CWE-798 | The product contains hard-coded credentials, such as a password or cryptographic key. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves hardcoded credentials in the Basic Authentication setup tool (bin/solr auth enable) in Apache Solr versions 9.4.0 through 9.10.1 and 10.0.0. These default credentials are installed silently alongside the user-specified account, allowing a remote attacker to gain full administrative access to the Solr cluster.
The issue arises because template users such as superadmin, admin, search, and index have default passwords that can be exploited if not changed or removed.
An immediate workaround without upgrading is to delete these template users from the security.json file or change their passwords. Future versions 9.11.0 and 10.1.0 will fix this vulnerability.
How can this vulnerability impact me?
This vulnerability can allow a remote attacker to gain full administrative access to your Apache Solr cluster without authorization.
With full administrative access, the attacker can compromise confidentiality, integrity, and availability of the data and services managed by the Solr cluster.
This could lead to unauthorized data access, data modification, service disruption, or further exploitation within your environment.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves hardcoded default credentials in the Basic Authentication setup tool of Apache Solr. Detection can be performed by checking if the vulnerable versions (9.4.0 through 9.10.1 and 10.0.0) are in use and if the default template users (superadmin, admin, search, index) exist with their default passwords.
You can inspect the security.json file in your Solr configuration to see if these template users are present and whether their passwords have been changed.
The advisory itself gives no commands; a general approach is to search security.json for the template user names (quoting the keys so that `admin` does not also match `superadmin`) and to check the Solr version, for example:
- grep -E '"(superadmin|admin|search|index)"' /path/to/solr/security.json
- Check the Solr version with: bin/solr --version
Additionally, attempting to authenticate using the known default credentials against the Solr cluster could help confirm vulnerability presence.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps without upgrading include deleting the template users (superadmin, admin, search, index) from the security.json file or changing their passwords to strong, unique values.
Upgrading to future versions 9.11.0 or 10.1.0, which are not vulnerable, will fully resolve the issue.
Clusters that did not use the bin/solr auth enable tool to bootstrap BasicAuth or where template users have already been assigned strong passwords are not affected.
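The detection check and the mitigation described in the two answers above, combined in one added Python example (not Apache's code and not part of this advisory). It assumes the security.json layout of Solr's BasicAuthPlugin (an `authentication.credentials` map keyed by username, plus an optional `authorization.user-role` map) and Solr's `delete-user` authentication API command; the template usernames and affected version ranges come from the advisory, and the embedded security.json sample with its placeholder hash strings is constructed.

```python
import json

# Template users named in the advisory for CVE-2026-44825.
TEMPLATE_USERS = frozenset({"superadmin", "admin", "search", "index"})

# Affected version ranges from the advisory: 9.4.0 through 9.10.1, and 10.0.0.
AFFECTED_RANGES = (((9, 4, 0), (9, 10, 1)), ((10, 0, 0), (10, 0, 0)))


def parse_version(text):
    """'9.10.1' -> (9, 10, 1). A suffix such as '-SNAPSHOT' is ignored."""
    core = text.strip().split("-")[0]
    parts = [int(p) for p in core.split(".")[:3]]
    return tuple(parts + [0] * (3 - len(parts)))


def is_affected_version(text):
    """True if the Solr version falls inside one of the advisory's affected ranges."""
    v = parse_version(text)
    return any(lo <= v <= hi for lo, hi in AFFECTED_RANGES)


def find_template_users(security):
    """Template usernames present in authentication.credentials of a parsed security.json."""
    creds = security.get("authentication", {}).get("credentials", {})
    return sorted(u for u in creds if u in TEMPLATE_USERS)


def audit(security_json_text, solr_version):
    """Summarise exposure: is the version affected, and which template users remain.

    The script cannot tell from the stored hash whether a template user's password
    was changed, so every template user still present is reported as a finding to review.
    """
    security = json.loads(security_json_text)
    users = find_template_users(security)
    return {
        "affected_version": is_affected_version(solr_version),
        "template_users": users,
        "finding": bool(users),
    }


def harden(security_json_text):
    """Return (hardened security.json dict, delete-user payload).

    Template users and their role mappings are removed from the document. The payload
    is the request body Solr's BasicAuthPlugin accepts at /solr/admin/authentication,
    for clusters where editing the live configuration through the API is preferred
    over rewriting the file (or the ZooKeeper node in SolrCloud mode) directly.
    """
    security = json.loads(security_json_text)
    removed = find_template_users(security)
    creds = security.get("authentication", {}).get("credentials", {})
    roles = security.get("authorization", {}).get("user-role", {})
    for user in removed:
        del creds[user]
        roles.pop(user, None)
    payload = {"delete-user": removed} if removed else None
    return security, payload


# Constructed sample of a security.json with the operator's own account plus the
# template users; the hash/salt strings are placeholders, not real Solr credentials.
SAMPLE_SECURITY_JSON = json.dumps({
    "authentication": {
        "blockUnknown": True,
        "class": "solr.BasicAuthPlugin",
        "credentials": {
            "solradmin": "PLACEHOLDER_HASH_1 PLACEHOLDER_SALT_1",
            "superadmin": "PLACEHOLDER_HASH_2 PLACEHOLDER_SALT_2",
            "admin": "PLACEHOLDER_HASH_3 PLACEHOLDER_SALT_3",
            "search": "PLACEHOLDER_HASH_4 PLACEHOLDER_SALT_4",
            "index": "PLACEHOLDER_HASH_5 PLACEHOLDER_SALT_5",
        },
    },
    "authorization": {
        "class": "solr.RuleBasedAuthorizationPlugin",
        "user-role": {"solradmin": ["admin"], "superadmin": ["admin"], "admin": ["admin"]},
        "permissions": [{"name": "all", "role": "admin"}],
    },
})


if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_SECURITY_JSON, "9.10.1"), indent=2))
    hardened, payload = harden(SAMPLE_SECURITY_JSON)
    print("API payload:", json.dumps(payload))
    print(json.dumps(hardened, indent=2))
```

Run it against a real security.json by replacing the constructed sample with the file's contents and the version string with the output of `bin/solr --version`; the hardened document keeps the operator's own account and its role mapping untouched, and the `delete-user` payload lists only the template users that were actually present.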
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability allows a remote attacker to gain full administrative access to the Apache Solr cluster via hardcoded default credentials. Such unauthorized access can lead to exposure, modification, or deletion of sensitive data.
Because of the potential for unauthorized data access and control, this vulnerability could negatively impact compliance with data protection standards and regulations such as GDPR and HIPAA, which require strict access controls and protection of sensitive information.
Mitigations include deleting the template users or changing their passwords, or upgrading to fixed versions, which are necessary steps to maintain compliance.