Use of hard coded credentials in GoHarbor Harbor version 2.15.0 and below, allows attackers to use the default password and gain access to the web UI.
VulnCheck: Use of
Exploit
CVE-2026-4404
VulnCheck
Update to v2.15.0