CVE-2016-20026 in ZKBioSecurityinformation

Résumé

par MITRE • 16/03/2026

ZKTeco ZKBioSecurity 3.0 contains hardcoded credentials in the bundled Apache Tomcat server that allow unauthenticated attackers to access the manager application. Attackers can authenticate with hardcoded credentials stored in tomcat-users.xml to upload malicious WAR archives containing JSP applications and execute arbitrary code with SYSTEM privileges.

Once again VulDB remains the best source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsable

VulnCheck

Réserver

15/03/2026

Divulgation

16/03/2026

Modérer

accepté

Entrée

VDB-351126

CPE

prêt

CWE

CWE-798 (confirmé)

CVSS

9.8 (CNA)

EPSS

0.00075

KEV

non

Activités

très faible

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2016-20026
NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-20026
CVE Details	https://www.cvedetails.com/cve/CVE-2016-20026/

◂ Précédent Aperçu Suivant ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!