UBUNTU-CVE-2026-44825
- Source
- https://ubuntu.com/security/CVE-2026-44825
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-44825.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2026-44825
- Upstream
- Published
- 2026-06-01T09:16:00Z
- Modified
- 2026-06-03T13:38:53.277269814Z
- Severity
-
- 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
Hardcoded credentials in the Basic Authentication setup tool (bin/solr auth enable) in Apache Solr versions 9.4.0 through 9.10.1 and 10.0.0 allows a remote attacker to gain full administrative access to the cluster via publicly known default credentials installed silently alongside the user-specified account. As an immediate workaround without upgrading, delete the template users (superadmin, admin, search, index) from security.jsonĀ or change their passwords. The future, not yet released, versions 9.11.0 and 10.1.0 will not be vulnerable, and it will be enough to upgrade to solve the issue. Not affected: * Clusters where bin/solr auth enable was not used to bootstrap BasicAuth * Clusters where template users have been assigned strong passwords after bootstrap
- References
Affected packages
Ubuntu:20.04:LTS
lucene-solr
Package
- Name
- lucene-solr
- Purl
- pkg:deb/ubuntu/lucene-solr?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "liblucene3-contrib-java",
"binary_version": "3.6.2+dfsg-22"
},
{
"binary_version": "3.6.2+dfsg-22",
"binary_name": "liblucene3-java"
},
{
"binary_version": "3.6.2+dfsg-22",
"binary_name": "libsolr-java"
},
{
"binary_name": "solr-common",
"binary_version": "3.6.2+dfsg-22"
},
{
"binary_name": "solr-jetty",
"binary_version": "3.6.2+dfsg-22"
},
{
"binary_name": "solr-tomcat",
"binary_version": "3.6.2+dfsg-22"
}
]
}Ubuntu:22.04:LTS
lucene-solr
Package
- Name
- lucene-solr
- Purl
- pkg:deb/ubuntu/lucene-solr?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:24.04:LTS
lucene-solr
Package
- Name
- lucene-solr
- Purl
- pkg:deb/ubuntu/lucene-solr?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:25.10
lucene-solr
Package
- Name
- lucene-solr
- Purl
- pkg:deb/ubuntu/lucene-solr?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:26.04:LTS
lucene-solr
Package
- Name
- lucene-solr
- Purl
- pkg:deb/ubuntu/lucene-solr?arch=source&distro=resolute
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:Pro:14.04:LTS
lucene-solr
Package
- Name
- lucene-solr
- Purl
- pkg:deb/ubuntu/lucene-solr?arch=source&distro=esm-infra-legacy%2Ftrusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
3.*
3.6.2+dfsg-1
3.6.2+dfsg-2
3.6.2+dfsg-2ubuntu0.1~esm1
3.6.2+dfsg-2ubuntu0.1~esm2
3.6.2+dfsg-2ubuntu0.1~esm4
Ecosystem specific
{
"binaries": [
{
"binary_name": "liblucene3-contrib-java",
"binary_version": "3.6.2+dfsg-2ubuntu0.1~esm4"
},
{
"binary_name": "liblucene3-java",
"binary_version": "3.6.2+dfsg-2ubuntu0.1~esm4"
},
{
"binary_name": "libsolr-java",
"binary_version": "3.6.2+dfsg-2ubuntu0.1~esm4"
},
{
"binary_name": "solr-common",
"binary_version": "3.6.2+dfsg-2ubuntu0.1~esm4"
},
{
"binary_name": "solr-jetty",
"binary_version": "3.6.2+dfsg-2ubuntu0.1~esm4"
},
{
"binary_name": "solr-tomcat",
"binary_version": "3.6.2+dfsg-2ubuntu0.1~esm4"
}
]
}Ubuntu:Pro:16.04:LTS
lucene-solr
Package
- Name
- lucene-solr
- Purl
- pkg:deb/ubuntu/lucene-solr?arch=source&distro=esm-apps%2Fxenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "liblucene3-contrib-java",
"binary_version": "3.6.2+dfsg-8ubuntu0.1+esm1"
},
{
"binary_name": "liblucene3-java",
"binary_version": "3.6.2+dfsg-8ubuntu0.1+esm1"
},
{
"binary_name": "libsolr-java",
"binary_version": "3.6.2+dfsg-8ubuntu0.1+esm1"
},
{
"binary_name": "solr-common",
"binary_version": "3.6.2+dfsg-8ubuntu0.1+esm1"
},
{
"binary_version": "3.6.2+dfsg-8ubuntu0.1+esm1",
"binary_name": "solr-jetty"
},
{
"binary_name": "solr-tomcat",
"binary_version": "3.6.2+dfsg-8ubuntu0.1+esm1"
}
]
}Ubuntu:Pro:18.04:LTS
lucene-solr
Package
- Name
- lucene-solr
- Purl
- pkg:deb/ubuntu/lucene-solr?arch=source&distro=esm-apps%2Fbionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_version": "3.6.2+dfsg-18~18.04.1~esm2",
"binary_name": "liblucene3-contrib-java"
},
{
"binary_version": "3.6.2+dfsg-18~18.04.1~esm2",
"binary_name": "liblucene3-java"
},
{
"binary_name": "libsolr-java",
"binary_version": "3.6.2+dfsg-18~18.04.1~esm2"
},
{
"binary_version": "3.6.2+dfsg-18~18.04.1~esm2",
"binary_name": "solr-common"
},
{
"binary_version": "3.6.2+dfsg-18~18.04.1~esm2",
"binary_name": "solr-jetty"
},
{
"binary_name": "solr-tomcat",
"binary_version": "3.6.2+dfsg-18~18.04.1~esm2"
}
]
}