This issue is submitted for CVE assignment.
A vulnerability has been identified in Flyfish due to the exposure of a default administrator password in the deployment script (flyfish.sh). The affected project is publicly available via its source code repositories.
During code review, it was discovered that the script contains hardcoded credentials for the administrator account. Because these credentials are disclosed in the publicly accessible codebase, an attacker can directly use them to authenticate to the platform without any prior authorization.
Impact:
An attacker exploiting this vulnerability can:
• Log in to the backend management system with administrative privileges
• Access sensitive configuration data, including data source information
• Potentially retrieve or manipulate sensitive data stored within the platform
This vulnerability has been assigned the identifier CNVD-2026-02994 and has been officially included in the China National Vulnerability Database (CNVD).
This issue is submitted for CVE assignment.
A vulnerability has been identified in Flyfish due to the exposure of a default administrator password in the deployment script (flyfish.sh). The affected project is publicly available via its source code repositories.
During code review, it was discovered that the script contains hardcoded credentials for the administrator account. Because these credentials are disclosed in the publicly accessible codebase, an attacker can directly use them to authenticate to the platform without any prior authorization.
Impact:
An attacker exploiting this vulnerability can:
• Log in to the backend management system with administrative privileges
• Access sensitive configuration data, including data source information
• Potentially retrieve or manipulate sensitive data stored within the platform
This vulnerability has been assigned the identifier CNVD-2026-02994 and has been officially included in the China National Vulnerability Database (CNVD).