CVE-2026-50087
8.2 HIGHThe Aqara IAM/SSO gateway (gw-builder.aqara.com) exhibits a cross-origin request sharing vulnerability, which is an instance of "CWE-942:...
Published: 2026-06-12 · Last updated: 2026-06-12
Severity and scoring
- CVSS
- 8.2 HIGH
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
- CWE
- CWE-942
Description
The Aqara IAM/SSO gateway (gw-builder.aqara.com) exhibits a cross-origin request sharing vulnerability, which is an instance of "CWE-942: Permissive Cross-domain Policy with Untrusted Domains," and has an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N (8.2 High).
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-50088 — The Aqara Developer Portal (developer.aqara.com) and shared test environments (developer-test.aqara.com, aiot-test.aqara.com) exhibit cro... (8.2 HIGH)
- CVE-2026-10056 — CORS misconfiguration in the REST API of Network Optix Nx Witness VMS before version 6.1.2, when running in the default Standard security... (7.5 HIGH)
- CVE-2026-46685 — RustFS is a distributed object storage system built in Rust
- CVE-2026-45021 — Kuma is a modern Envoy-based service mesh that can run on every cloud across both Kubernetes and VMs
- CVE-2026-9739 — Vulnerable to DNS rebinding attacks when using SSE (http://b/499408790)