Unrated severityNVD Advisory· Published Feb 6, 2026· Updated Feb 9, 2026

3DP-MANAGER Uses Hard-coded Credentials

CVE-2026-25803

Description

3DP-MANAGER is an inbound generator for 3x-ui. In version 2.0.1 and prior, the application automatically creates an administrative account with known default credentials (admin/admin) upon the first initialization. Attackers with network access to the application's login interface can gain full administrative control, managing VPN tunnels and system settings. This issue will be patched in version 2.0.2.

Affected products

Manager Io/Managerllm-fuzzy
Range: <=2.0.1
denpiligrim/3dp-managerv5
Range: <= 2.0.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/denpiligrim/3dp-manager/commit/f568de41de97dd1b70a963708a1ee18e52b9d248mitrex_refsource_MISC
github.com/denpiligrim/3dp-manager/security/advisories/GHSA-5x57-h7cw-9jmwmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000