CVE-2016-20026 in ZKBioSecurityजानकारी

सारांश

द्वारा MITRE • 16/03/2026

ZKTeco ZKBioSecurity 3.0 contains hardcoded credentials in the bundled Apache Tomcat server that allow unauthenticated attackers to access the manager application. Attackers can authenticate with hardcoded credentials stored in tomcat-users.xml to upload malicious WAR archives containing JSP applications and execute arbitrary code with SYSTEM privileges.

Once again VulDB remains the best source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

जिम्मेदार

VulnCheck

आरक्षित करना

15/03/2026

प्रकटीकरण

16/03/2026

संयम

स्वीकृत

प्रविष्टि

VDB-351126

CPE

तैयार

CWE

CWE-798 (पुष्टि की गई)

CVSS

9.8 (CNA)

EPSS

0.00075

KEV

नहीं

गतिविधियाँ

बहुत कम

स्रोत

MITRE	https://www.cve.org/CVERecord?id=CVE-2016-20026
NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-20026
CVE Details	https://www.cvedetails.com/cve/CVE-2016-20026/

◂ पिछला सिंहावलोकन अगला ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!