CVE-2026-14807
Received Received - Intake

Hard-Coded Credentials in PROG MIS ERP App

Vulnerability report for CVE-2026-14807, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-06

Last updated on: 2026-07-06

Assigner: TWCERT/CC

Description

ERP App developed by PROG MIS has a Use of Hard-coded Credentials vulnerability, allowing unauthenticated remote attackers to log in to view application code and obtain the database account and password.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-06
Last Modified
2026-07-06
Generated
2026-07-06
AI Q&A
2026-07-06
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
prog_mis erp_app to 2026-07-06 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-798 The product contains hard-coded credentials, such as a password or cryptographic key.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

The vulnerability in the ERP App developed by PROG MIS involves the use of hard-coded credentials within the application.

This flaw allows unauthenticated remote attackers to log in without proper authorization, enabling them to view the application's source code and obtain sensitive database account credentials.

Because the credentials are embedded directly in the code, attackers can easily extract them and gain unauthorized access.

Impact Analysis

This vulnerability can have severe impacts as it allows attackers to remotely access the ERP application without authentication.

Attackers can view the application code and retrieve database credentials, potentially leading to unauthorized data access, data breaches, and manipulation of sensitive information.

Such unauthorized access can compromise the confidentiality, integrity, and availability of the affected systems and data.

Mitigation Strategies

The immediate step to mitigate this vulnerability is to contact the vendor of the ERP App developed by PROG MIS to obtain and apply the official patch addressing the hard-coded credentials issue.

Compliance Impact

The vulnerability involves the use of hard-coded credentials in the ERP App, allowing unauthenticated remote attackers to access sensitive information such as application code and database account credentials.

Such unauthorized access to sensitive data can lead to violations of common standards and regulations like GDPR and HIPAA, which require protection of personal and sensitive information against unauthorized access and breaches.

Therefore, this vulnerability poses a significant risk to compliance by potentially exposing confidential data and failing to maintain adequate security controls.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-14807. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart