← Back
2026-02-06 22:52CVE-2026-25803GitHub_M
PUBLISHED5.2CWE-798

3DP-MANAGER Uses Hard-coded Credentials

3DP-MANAGER is an inbound generator for 3x-ui. In version 2.0.1 and prior, the application automatically creates an administrative account with known default credentials (admin/admin) upon the first initialization. Attackers with network access to the application's login interface can gain full administrative control, managing VPN tunnels and system settings. This issue will be patched in version 2.0.2.

Problem type

Affected products

denpiligrim

3dp-manager

<= 2.0.1 - AFFECTED

References

https://github.com/denpiligrim/3dp-manager/security/advisories/GHSA-5x57-h7cw-9jmw

https://github.com/denpiligrim/3dp-manager/security/advisories/GHSA-5x57-h7cw-9jmw

x_refsource_CONFIRM
https://github.com/denpiligrim/3dp-manager/commit/f568de41de97dd1b70a963708a1ee18e52b9d248

https://github.com/denpiligrim/3dp-manager/commit/f568de41de97dd1b70a963708a1ee18e52b9d248

x_refsource_MISC

JSON source

https://cveawg.mitre.org/api/cve/CVE-2026-25803
Click to expand
{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2026-25803",
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "dateUpdated": "2026-02-06T22:52:40.631Z",
    "dateReserved": "2026-02-05T19:58:01.641Z",
    "datePublished": "2026-02-06T22:52:40.631Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M",
        "dateUpdated": "2026-02-06T22:52:40.631Z"
      },
      "title": "3DP-MANAGER Uses Hard-coded Credentials",
      "descriptions": [
        {
          "lang": "en",
          "value": "3DP-MANAGER is an inbound generator for 3x-ui. In version 2.0.1 and prior, the application automatically creates an administrative account with known default credentials (admin/admin) upon the first initialization. Attackers with network access to the application's login interface can gain full administrative control, managing VPN tunnels and system settings. This issue will be patched in version 2.0.2."
        }
      ],
      "affected": [
        {
          "vendor": "denpiligrim",
          "product": "3dp-manager",
          "versions": [
            {
              "version": "<= 2.0.1",
              "status": "affected"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "CWE-798: Use of Hard-coded Credentials",
              "cweId": "CWE-798",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://github.com/denpiligrim/3dp-manager/security/advisories/GHSA-5x57-h7cw-9jmw",
          "name": "https://github.com/denpiligrim/3dp-manager/security/advisories/GHSA-5x57-h7cw-9jmw",
          "tags": [
            "x_refsource_CONFIRM"
          ]
        },
        {
          "url": "https://github.com/denpiligrim/3dp-manager/commit/f568de41de97dd1b70a963708a1ee18e52b9d248",
          "name": "https://github.com/denpiligrim/3dp-manager/commit/f568de41de97dd1b70a963708a1ee18e52b9d248",
          "tags": [
            "x_refsource_MISC"
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL"
          }
        }
      ]
    }
  }
}