
Critical 9.8 Severity Flaw in Harvester Allows Hackers to Hijack New Servers: The Open Door

  • Jan 6

Key Findings


  • A critical vulnerability (CVSS score 9.8) has been discovered in the Harvester Hyperconverged Infrastructure (HCI) platform.

  • The flaw allows remote attackers to gain unauthorized access to new servers during the installation process using default credentials.

  • Successful exploitation could enable attackers to completely compromise the affected servers and leverage them for further malicious activities.


Background


Harvester is an open-source HCI solution built on top of Kubernetes, aiming to provide a simplified infrastructure platform for deploying and managing virtualized workloads. It is developed by SUSE and has gained traction in the cloud-native computing space.


Vulnerability Details


The critical vulnerability (tracked as CVE-2023-XXXXX) is caused by the use of default credentials during the Harvester installation process. An attacker can leverage these hardcoded credentials to gain initial access to newly provisioned servers, potentially leading to a complete system takeover.


Impact


If exploited, the flaw could allow attackers to:


  • Gain full control over newly installed Harvester servers

  • Deploy malware, steal sensitive data, or use the compromised systems for further attacks

  • Disrupt the operation of critical infrastructure relying on the Harvester platform


Affected Versions


  • Harvester versions prior to 1.7.0


Mitigation


Users are strongly advised to update to the latest version of Harvester (1.7.0 or higher) to address this vulnerability. The update includes a fix that removes the default credentials and enhances the overall security of the installation process.


Conclusion


The discovery of this critical vulnerability in the Harvester HCI platform underscores the importance of maintaining robust security practices, especially in critical infrastructure components. Users are urged to prioritize the update to the latest version to mitigate the risk and protect their systems from potential compromise.


Sources


  • https://securityonline.info/the-open-door-critical-9-8-severity-flaw-in-harvester-lets-hackers-hijack-new-servers/

  • https://thehackernews.com/2026/01/critical-adonisjs-bodyparser-flaw-cvss.html

  • https://x.com/the_yellow_fall/status/2008384071345336811

© 2025 by Explain IT Again