RCE in Perforce Helix Core Server (P4d)
CVE-2026-6043
P4 Server versions prior to 2026.1 are configured with insecure default settings that, when exposed to untrusted networks, allow unauthenticated attackers to create arbitrary user accounts, enumerate existing users, authenticate to account…
EPSS: 0.000 (12.2th percentile)
Affected products
- Perforce Helix Core Server (P4d) — versions 0
Weakness classification (CWE)
Public proof-of-concept exploits
Frequently asked questions
- What is CVE-2026-6043?
- CVE-2026-6043 is a vulnerability in Perforce Helix Core Server (P4d), classified under Initialization of a Resource with an Insecure Default. Published 2026-04-24.
- Is CVE-2026-6043 known to be exploited?
- 1 public proof-of-concept repository is indexed. Not currently listed in the CISA KEV catalog.