โ† ุงู„ุนูˆุฏุฉ ู„ู„ุฌุฏูˆู„
CVE-2026-50083
CVE-2026-50083 โ€” The Aqara IAM/SSO Gateway (gw-builder.aqara.com) used a hardcoded OAuth client c
๐Ÿ“… 2026-06-12
๐Ÿ”ด Critical ๐Ÿ”ฅ No NVD Exploit Vulnerability CVSS 9.1

๐Ÿ“‹ ุงู„ูˆุตู ุงู„ูƒุงู…ู„

The Aqara IAM/SSO Gateway (gw-builder.aqara.com) used a hardcoded OAuth client credential, which is an instance ofย "CWE-798: Use of Hard-coded Credentials." This issue has an estimated CVSS ofย CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:Nย (9.1 Critical). When combined with CVE-2026-50082, CVE-50084, and CVE-50085, this can lead to a fully unauthenticated, remote takeover of affected de

๐Ÿ’ป ุงู„ุฃู†ุธู…ุฉ ุงู„ู…ุชุฃุซุฑุฉ

โš ๏ธ ู†ูˆุน ุงู„ุชู‡ุฏูŠุฏ

Exploit

๐Ÿ”— CVE ID

CVE-2026-50083

๐Ÿ“ก ุงู„ู…ุตุฏุฑ

NVD

โœ… ุงู„ุญู„ูˆู„ ูˆุงู„ุชุฎููŠู

Refer to CVE-2026-50083 NVD advisory

๐Ÿ”— ุงู„ู…ุตุฏุฑ ุงู„ุฃุตู„ูŠ โ† ๐Ÿ“˜ NVD โ† โšก CISA KEV โ†