Description
By default, the password for the Access Manager's web interface, is set to 'admin'. In the tested version changing the password was not enforced.
References (3)
Core 3
Core References
Various Sources technical-description
https://r.sec-consult.com/dormakaba
Various Sources third-party-advisory
https://r.sec-consult.com/dkaccess
Various Sources vendor-advisory
https://www.dormakabagroup.com/en/security-advisories
Scores
CVSS v4
9.2
EPSS
0.0042
EPSS Percentile
33.6%
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-1392
Status
published
Published
Jan 26, 2026
Tracked Since
Feb 18, 2026