216.73.216.75

CVE-2026-50082

· Published 12/06/2026 18:16 · Modified 12/06/2026 17:16 · Author: The MITRE Corporation

Labels: CVE-2026-50082 2026-06-1244488dab-36db-4358-99f9-bc116477f914CVE-2026-50082CWE-306

Essential information

Published
12/06/2026 18:16
Modified
12/06/2026 17:16
Author
The MITRE Corporation
Creator
The MITRE Corporation
CVSS
6.5 MEDIUM (v3.1)
CISA KEV
No
CWE
CWE-306
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CVSS metrics

Description

The Aqara Cloud Developer Portal (developer.aqara.com) issued a developer token to any email address supplied by the attacker. This is an instance of "CWE-306: Missing Authentication for Critical Function" with an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N (6.5 Medium). When combined with CVE-2026-50083, CVE-2026-50084, and CVE-2026-50085, any otherwise-unauthenticated attacker could execute a full takeover of affected devices.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
44488dab-36db-4358-99f9-bc116477f914
NVD
View on NVD

Affected products (CPE)

ProductCPE
aqara / cloud developer portal cpe:2.3:a:aqara:cloud_developer_portal:*:*:*:*:*:*:*:*

References