Harbor CLI

by Harborv0.0.8

Last updated Jun 8, 2026

\[Sandbox\] Official Harbor CLI

Install with winget

$ winget install --id GoHarbor.Harbor --exact --version 0.0.8

Run in Command Prompt, PowerShell, or Windows Terminal. Prompts for any agreements.

Built by Pckgr

For Intune admins

Stop chasing app updates. Pckgr patches them for you.

Automated application patching for Microsoft Intune. Pckgr keeps a curated library of 1,000+ apps continuously up-to-date in your tenant via Microsoft Graph - no manual repackaging, no chasing vendor sites.

Start free 30-day trial

No credit card required.

Installers · v0.0.8

Architecture	Type	Scope	Install	Download
x64	ZIP archive	-		Direct

Copy a command tailored to that specific architecture, type, and scope - useful when winget would otherwise pick a different default.

Security

14 known CVEs via NVD

high7.4Patched in wingetCVE-2022-31671affects before 2.4.3, 2.5.2Nov 14, 2024
Harbor fails to validate user permissions when reading and updating job execution logs through the P2P preheat execution logs. By sending a request that attempts to read/update P2P preheat execution logs and specifying different job IDs, malicious authenticated users could read...
Vendor advisory
high7.7Patched in wingetCVE-2022-31670affects before 1.10.13, 2.4.3, 2.5.2Nov 14, 2024
Harbor fails to validate the user permissions when updating tag retention policies. By sending a request to update a tag retention policy with an id that belongs to a project that the currently authenticated user doesn’t have access to, the attacker could modify tag retention...
Vendor advisory
medium6.4Patched in wingetCVE-2022-31669affects before 2.4.3, 2.5.2Nov 14, 2024
Harbor fails to validate the user permissions when updating tag immutability policies. By sending a request to update a tag immutability policy with an id that belongs to a project that the currently authenticated user doesn’t have access to, the attacker could modify tag immu...
Vendor advisory
high7.4Patched in wingetCVE-2022-31668affects before 2.4.3, 2.5.2Nov 14, 2024
Harbor fails to validate the user permissions when updating p2p preheat policies. By sending a request to update a p2p preheat policy with an id that belongs to a project that the currently authenticated user doesn't have access to, the attacker could modify p2p preheat policies...
Vendor advisory
medium6.4Patched in wingetCVE-2022-31667affects before 2.4.3, 2.5.2Nov 14, 2024
Harbor fails to validate the user permissions when updating a robot account that belongs to a project that the authenticated user doesn’t have access to. By sending a request that attempts to update a robot account, and specifying a robot account id and robot account name that...
Vendor advisory
high7.7Patched in wingetCVE-2022-31666affects before 2.4.3, 2.5.2Nov 14, 2024
Harbor fails to validate user permissions while deleting Webhook policies, allowing malicious users to view, update and delete Webhook policies of other users. The attacker could modify Webhook policies configured in other projects.
Vendor advisory
medium6.4Fix in v2.9.5CVE-2024-22278affects before 2.9.5, 2.10.3Aug 1, 2024
Incorrect user permission validation in Harbor <v2.9.5 and Harbor <v2.10.3 allows authenticated users to modify configurations.
low2.7Patched in wingetCVE-2024-22261affects before 2.8.6, 2.9.4, 2.10.2Jun 10, 2024
SQL-Injection in Harbor allows priviledge users to leak the task IDs
Vendor advisory

Showing 8 of 14. Source: NVD, updated 1h ago. Patch status is best-effort: NVD's fix version is compared against the latest version in winget, but the two version formats don't always align. Confirm with the vendor advisory before treating any specific build as safe.

See a CVE that affects your fleet? Push the patched version to Intune in one click with Pckgr - automated patching is the only way to keep up.

Frequently asked questions

How do I install Harbor CLI on Windows?

Open Windows Terminal, PowerShell, or Command Prompt and run: winget install --id GoHarbor.Harbor --exact --version 0.0.8. winget downloads the installer from Harbor and runs it. Requires Windows 10 (1809+) or Windows 11.

How do I install Harbor CLI silently for unattended deployment?

Add --silent and accept the agreements upfront: winget install --id GoHarbor.Harbor --exact 0.0.8 --silent --accept-package-agreements --accept-source-agreements. This is the variant Intune, Configuration Manager, and other deployment tools should use.

How do I uninstall Harbor CLI via winget?

Run: winget uninstall --id GoHarbor.Harbor --exact. Add --silent for unattended uninstalls. winget will use the registered uninstaller from Harbor CLI's Apps & Features entry.

Is Harbor CLI free?

Harbor CLI is distributed under Apache-2.0. Refer to the publisher (https://goharbor.io/) for the full license terms - Wingetly itself does not charge for installation.

Does Harbor CLI work on Windows 10?

Yes, as long as your Windows 10 build supports winget (1809 or newer). winget ships with App Installer on Windows 10/11 and pulls Harbor CLI directly from the publisher.

How do I keep Harbor CLI up to date?

Run winget upgrade --id GoHarbor.Harbor --exact, or winget upgrade --all to update everything winget tracks. We index 5 versions of Harbor CLI from microsoft/winget-pkgs.

Recent versions

0.0.8latest
0.0.7
0.0.4
0.0.2
0.0.1