216.73.217.98

CVE-2026-50089

· Published 12/06/2026 18:16 · Modified 12/06/2026 17:16 · Author: The MITRE Corporation

Labels: CVE-2026-50089 2026-06-1244488dab-36db-4358-99f9-bc116477f914CVE-2026-50089CWE-601

Essential information

Published
12/06/2026 18:16
Modified
12/06/2026 17:16
Author
The MITRE Corporation
Creator
The MITRE Corporation
CVSS
6.1 MEDIUM (v3.1)
CISA KEV
No
CWE
CWE-601
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS metrics

Description

The Aqara IAM/SSO Gateway (gw-builder.aqara.com) provides an open redirect, which is an instance of "CWE-601: URL Redirection to Untrusted Site," with an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N (6.1 Medium), which can be used to set up a phishing attack.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
44488dab-36db-4358-99f9-bc116477f914
NVD
View on NVD

Affected products (CPE)

ProductCPE
aqara / iam sso gateway cpe:2.3:a:aqara:iam_sso_gateway:*:*:*:*:*:*:*:*

References