CWE-798

High likelihood

Use of Hard-coded Credentials

Parent: CWE-1391 - Use of Weak Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

1,712 vulnerabilities with CWE-798
CVE-2026-50083 CRITICAL
Aqara hardcoded OAuth client credentials
CVSS 9.1
CVE-2026-10557 CRITICAL
Yarbo Android/iOS Mobile Application and Cloud Infrastructure Use of Hard-coded Credentials
CVSS 9.8
CVE-2026-11849 CRITICAL
IEI Integration Corp|iRM-IEI Remote Management - Hard-coded Credentials
CVSS 9.8
CVE-2026-47281 CRITICAL
Visual Studio Code Elevation of Privilege Vulnerability
CVSS 9.6
CVE-2026-11414 CRITICAL
Unauthenticated File Exfiltration in Altium Enterprise Server Vault Service via Hard-coded Cryptographic Key and Path Traversal
CVE-2026-21404 MEDIUM
NAVTOR NavBox Use of Hard-coded Credentials
CVSS 6.3
CVE-2026-50213 HIGH
Acer Connect M6E 5G Portable WiFi Router - Bulk User Private Data Harvesting
CVSS 7.5
CVE-2026-49204 MEDIUM
Acer Connect M6E 5G Portable WiFi Router - Hard-Coded AWS Cognito Testing Accounts
CVSS 6.5
CVE-2026-8876 HIGH
Securly Chrome Extension < 3.0.7 - Hardcoded AES Passphrase Exposure
CVSS 7.3
CVE-2026-36616 MEDIUM
Mercusys AC12G (EU) V1 AC12G(EU)_V1_200909 - Hardcoded WiFi Driver Credentials Exposure
CVSS 5.9
CVE-2026-36606 HIGH
Mercusys AC12G (EU) V1 - Hardcoded DES Key Credential Exposure via Configuration Backup
CVSS 7.1
CVE-2026-42251 HIGH
Hard-coded credentials in KS-SOMED
CVE-2026-25600 MEDIUM
Trac PDBM 2.0.0.0 - Hardcoded Credential Encryption Secret
CVSS 6.4
CVE-2026-44825 HIGH
Apache Solr: Enabling BasicAuth using bin/solr CLI configures additional insecure users
CVSS 8.1
CVE-2026-42929 HIGH
MacGregor Voyage Data Recorder (VDR) G4e Use of Hard-coded Credentials
CVSS 8.3
CVE-2026-7786 CRITICAL
Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter Use of Hard-coded Credentials
CVSS 9.8
CVE-2026-45631 CRITICAL
Dokploy: Pre-Auth Admin Takeover via Hardcoded Authentication Secret
CVSS 10.0
CVE-2026-46376 CRITICAL
FreePBX UCP - Hardcoded Template Credentials
CVSS 9.8
CVE-2026-49323 MEDIUM
Indian Scout Bobber 2025 WCM-to-ECM weak authentication
CVSS 4.3
CVE-2026-49201 CRITICAL
Acer Wave 7 router: Hardcoded Cryptographic Key
CVSS 9.8
CVE-2026-45039 CRITICAL
RustFS: Internode RPC HMAC secret falls back to public default credential, enabling peer impersonation
CVSS 9.8
CVE-2026-24444 CRITICAL
SDMC NE6037 Hardcoded Password via mgmt.php/npcmd.php
CVSS 9.8
CVE-2026-5065 HIGH
IBM Controller is affected by vulnerabilities
CVSS 8.8
CVE-2026-36538 HIGH
Netis AC1200 Router NC21 V4.0.1.4296 - Hard-coded Root Credential in /etc/shadow.sample
CVSS 7.3
CVE-2026-48245 MEDIUM
Open ISES Tickets < 3.44.2 Hardcoded Google Maps API Key in tables.php
CVSS 5.3
Details
Vulnerabilities 1,712
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits