GHSA-fgmc-2hqj-86v4: Vantage6: Set admin user and password from environment or configuration

June 5, 2026

Vantage6 currently provides an initial user with username root and password root. This is not ideal for the following reasons:

Attackers know that almost all vantage6 servers have a user with username root that probably has admin rights
The initial password is very weak and it is possible that administrators forget to reset it.

References

github.com/advisories/GHSA-fgmc-2hqj-86v4
github.com/vantage6/vantage6/issues/1932
github.com/vantage6/vantage6/security/advisories/GHSA-fgmc-2hqj-86v4

Code Behaviors & Features

Detect and mitigate GHSA-fgmc-2hqj-86v4 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →