CVE-2026-50088

8.2 HIGH

The Aqara Developer Portal (developer.aqara.com) and shared test environments (developer-test.aqara.com, aiot-test.aqara.com) exhibit cro...

Published: 2026-06-12 · Last updated: 2026-06-12

Severity and scoring

CVSS: 8.2 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
CWE: CWE-942

Description

The Aqara Developer Portal (developer.aqara.com) and shared test environments (developer-test.aqara.com, aiot-test.aqara.com) exhibit cross-origin request sharing, which is an instance of "CWE-942: Permissive Cross-domain Policy with Untrusted Domains," and has an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N (8.2 High).

Source: NVD

References

Related CVEs

Same CWE

CVE-2026-50087 — The Aqara IAM/SSO gateway (gw-builder.aqara.com) exhibits a cross-origin request sharing vulnerability, which is an instance of "CWE-942:... (8.2 HIGH)
CVE-2026-10056 — CORS misconfiguration in the REST API of Network Optix Nx Witness VMS before version 6.1.2, when running in the default Standard security... (7.5 HIGH)
CVE-2026-46685 — RustFS is a distributed object storage system built in Rust
CVE-2026-45021 — Kuma is a modern Envoy-based service mesh that can run on every cloud across both Kubernetes and VMs
CVE-2026-9739 — Vulnerable to DNS rebinding attacks when using SSE (http://b/499408790)