Key Findings A critical vulnerability (CVSS score 9.8) has been discovered in the Harvester Hyperconverged Infrastructure (HCI) platform. The flaw allows remote attackers to gain unauthorized access to new servers during the installation process using default credentials. Successful exploitation could enable attackers to completely compromise the affected servers and leverage them for further malicious activities. Background Harvester is an open-source HCI solution built on t