CVE-2026-8672

5.1 MEDIUM

Use of default password vulnerability in syslink software AG Avantra on Linux, Windows allows Try Common or Default Usernames and Passwords

Published: 2026-05-22 · Last updated: 2026-06-02

Severity and scoring

CVSS: 5.1 MEDIUM
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N
CWE: CWE-1393

Affected products

Vendor	Product
avantra	avantra

Description

Use of default password vulnerability in syslink software AG Avantra on Linux, Windows allows Try Common or Default Usernames and Passwords. This issue affects Avantra: before 25.3.0.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-8672
[Vendor advisory]https://support.avantra.com/hc/en-us/articles/5535551609759

Related CVEs

Same vendor

CVE-2026-8673 — Unprotected transport of credentials vulnerability in syslink software AG Avantra on Linux, Windows allows Sniffing Attacks (5.9 MEDIUM)
CVE-2026-8671 — Insertion of sensitive information into log file vulnerability in syslink software AG Avantra on Linux, Windows allows Resource Leak Expo... (7.5 HIGH)
CVE-2026-8670 — Insufficient session expiration vulnerability in syslink software AG Avantra on Linux, Windows allows Reusing Session IDs (aka Session Re... (9.6 CRITICAL)

Same CWE

CVE-2026-35075 — An unauthenticated remote attacker can recover a default, hard coded password from a firmware image and thus gain full access to all affe... (9.8 CRITICAL)