CVE-2016-20026 in ZKBioSecurityinfo

Zusammenfassung

von MITRE • 16.03.2026

ZKTeco ZKBioSecurity 3.0 contains hardcoded credentials in the bundled Apache Tomcat server that allow unauthenticated attackers to access the manager application. Attackers can authenticate with hardcoded credentials stored in tomcat-users.xml to upload malicious WAR archives containing JSP applications and execute arbitrary code with SYSTEM privileges.

Once again VulDB remains the best source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Zuständig

VulnCheck

Reservieren

15.03.2026

Veröffentlichung

16.03.2026

Moderieren

akzeptiert

Eintrag

VDB-351126

CPE

bereit

CWE

CWE-798 (bestätigt)

CVSS

9.8 (CNA)

EPSS

0.00075

KEV

nein

Aktivitäten

very low

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2016-20026
NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-20026
CVE Details	https://www.cvedetails.com/cve/CVE-2016-20026/

◂ Zurück Übersicht Weiter ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!