Home / Vulnerability Intelligence / CVE-2026-6043

CVE-2026-6043 - Vulnerability Analysis

N/a

Last Updated: April 24, 2026

P4 Server - Broken Access Control

Published: April 24, 2026Updated: April 24, 2026PoC Available

Overview

P4 Server < 2026.1 contains a broken access control vulnerability caused by insecure default settings, letting unauthenticated attackers create users, enumerate users, authenticate without passwords, and access depot contents remotely, exploit requires server exposure to untrusted networks.

Severity & Score

Severity: N/a

Impact

Unauthenticated attackers can gain unauthorized access to source code repositories and managed assets, risking data theft and manipulation.

Mitigation

Update to version 2026.1 or later which enforces secure-by-default configurations.

References

https://help.perforce.com/helix-core/server-apps/p4sag/current/Content/P4SAG/security-configurables.html
https://portal.perforce.com/s/cve/a91Qi000002wRUvIAM/insecure-default-configuration-in-p4-server

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-6043
Severity: N/a
Type: broken_access_control
Status: unconfirmed

CWE

CWE-1188

CVSS Metrics

N/A