216.73.216.133

CVE-2026-32294

· Published 17/03/2026 18:16 · Modified 18/03/2026 14:52

Labels: CVE-2026-32294 2026-03-179119a7d8-5eab-497f-8521-727c672e3725CVE-2026-32294CWE-345

Essential information

Published
17/03/2026 18:16
Modified
18/03/2026 14:52
Author
Creator
CVSS
7.0 HIGH (v3) 7.0 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

JetKVM prior to 0.5.4 does not verify the authenticity of downloaded firmware files. An attacker-in-the-middle or a compromised update server could modify the firmware and the corresponding SHA256 hash to pass verification.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
9119a7d8-5eab-497f-8521-727c672e3725
NVD
View on NVD

Affected products (CPE)

ProductCPE
jetkvm / jetkvm cpe:2.3:a:jetkvm:jetkvm:*:*:*:*:*:*:*:*

References