Critical severity9.8NVD Advisory· Published Mar 16, 2026· Updated Jun 8, 2026
CVE-2016-20026
CVE-2016-20026
Description
ZKTeco ZKBioSecurity 3.0 contains hardcoded credentials in the bundled Apache Tomcat server that allow unauthenticated attackers to access the manager application. Attackers can authenticate with hardcoded credentials stored in tomcat-users.xml to upload malicious WAR archives containing JSP applications and execute arbitrary code with SYSTEM privileges.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: 3.0
Patches
Vulnerability mechanics
References
6- cxsecurity.com/issue/WLB-2016080266nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/116484nvd
- packetstormsecurity.com/files/138567nvd
- www.exploit-db.com/exploits/40324/nvd
- www.vulncheck.com/advisories/zkteco-zkbiosecurity-hardcoded-credentials-remote-code-executionnvd
- www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5362.phpnvd
News mentions
0No linked articles in our index yet.