A critical security vulnerability has been identified in Apache Solr (CVE-2026-44825), affecting core versions 9.4.0 to 9.10.1 and 10.0.0. The vulnerability stems from hardcoded default credentials that can give remote attackers full administrative access, exposing corporate networks to significant risk. Systems using automated command installations are particularly vulnerable; environments where the installation was done manually remain safe.
As a mitigation measure, administrators are advised to delete default user templates from the security configuration or update them with complex passwords until fixed versions are released. Immediate action is recommended to safeguard against potential exploits.
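To check whether that mitigation has actually taken effect, the following added example (not code from the Solr project or from this advisory) audits a `security.json` for leftover template users, passwords still on a known-weak list, and role mappings left behind after a user was deleted. It assumes the BasicAuthPlugin layout and its salted double-SHA-256 credential format; the account name and password are placeholders, since the advisory does not name them.

```python
import base64
import hashlib
import hmac
import json
import os

# Placeholders: the advisory does not name the template accounts or passwords.
TEMPLATE_USERS = {"template-admin"}          # hypothetical account name
KNOWN_WEAK = ["PLACEHOLDER-default-pass"]    # hypothetical shipped password

def solr_hash(password: str, salt: bytes) -> str:
    """Assumed BasicAuthPlugin scheme: base64(sha256(sha256(salt + password)))."""
    inner = hashlib.sha256(salt + password.encode("utf-8")).digest()
    return base64.b64encode(hashlib.sha256(inner).digest()).decode()

def audit(security_json: str, template_users=TEMPLATE_USERS, weak=KNOWN_WEAK):
    """Return (user, finding) pairs for a security.json document."""
    cfg = json.loads(security_json)
    creds = cfg.get("authentication", {}).get("credentials", {})
    roles = cfg.get("authorization", {}).get("user-role", {})
    findings = []
    for user, stored in creds.items():
        if user in template_users:
            findings.append((user, "template user still defined"))
        try:
            hash_b64, salt_b64 = stored.split()   # stored as "<hash> <salt>"
            salt = base64.b64decode(salt_b64, validate=True)
        except ValueError:
            findings.append((user, "unparseable credential entry"))
            continue
        if any(hmac.compare_digest(solr_hash(p, salt), hash_b64) for p in weak):
            findings.append((user, "password is on the known-weak list"))
    # Deleting a user from credentials does not remove its role mapping.
    for user in roles:
        if user not in creds:
            findings.append((user, "role mapping without credentials"))
    return findings

def constructed_sample() -> str:
    """Constructed security.json: one leftover template user, one rotated admin."""
    def entry(pw):
        salt = os.urandom(32)
        return solr_hash(pw, salt) + " " + base64.b64encode(salt).decode()
    return json.dumps({
        "authentication": {"class": "solr.BasicAuthPlugin", "credentials": {
            "template-admin": entry("PLACEHOLDER-default-pass"),
            "ops-admin": entry("kX9#constructed-long-random-value")}},
        "authorization": {"class": "solr.RuleBasedAuthorizationPlugin", "user-role": {
            "template-admin": ["admin"], "ops-admin": ["admin"], "old-template": ["admin"]}}})

if __name__ == "__main__":
    for user, finding in audit(constructed_sample()):
        print(f"{user}: {finding}")
```

The orphaned role mapping matters when deleting a template user: if the name is later re-created, it inherits the old admin role unless the mapping is removed too.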