CVE-2026-6043

UNKNOWN 0.0

Insecure Default Configuration in P4 Server

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

P4 Server versions prior to 2026.1 are configured with insecure default settings that, when exposed to untrusted networks, allow unauthenticated attackers to create arbitrary user accounts, enumerate existing users, authenticate to accounts with no password set, and access depot contents via the built-in 'remote' user. These default settings, taken together, can lead to unauthorized access to source code repositories and other managed assets. The 2026.1 release, expected in May 2026, enforces secure-by-default configurations on upgrade and new installations

CWE	CWE-1188
Vendor	perforce
Product	helix core server (p4d)
Published	Apr 24, 2026
Last Updated	Apr 24, 2026

Stay Ahead of the Next One

Get instant alerts for perforce helix core server (p4d)

Be the first to know when new unknown vulnerabilities affecting perforce helix core server (p4d) are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Perforce / Helix Core Server (P4D)

0 ≤ 2025.2

References

NVD ↗ CVE.org ↗ EPSS Data ↗

portal.perforce.com: https://portal.perforce.com/s/cve/a91Qi000002wRUvIAM/insecure-default-configuration-in-p4-server help.perforce.com: https://help.perforce.com/helix-core/server-apps/p4sag/current/Content/P4SAG/security-configurables.html