
Aqara Iam Sso Gateway vulnerabilities

3 known vulnerabilities affecting aqara/aqara_iam_sso_gateway.

Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1, MEDIUM 1

Vulnerabilities

CVE-2026-50086 | P2 | CRITICAL | CVSS 10.0 | ≥ 2026-04-20, < 02026-06-12
CVE-2026-50086 [CRITICAL] CWE-327: The Aqara IAM/SSO gateway (gw-builder.aqara.com) exposes bidirectional AES round-trips against the platform's signing key without authentication. This is an instance of "CWE-306: Missing Authentication for Critical Function" and "CWE-327: Use of a Broken or Risky Cryptographic Algorithm," and has an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S
nvd
CVE-2026-50087 | P3 | HIGH | CVSS 8.2 | ≥ 2026-04-20, < 02026-06-12
CVE-2026-50087 [HIGH] CWE-942: The Aqara IAM/SSO gateway (gw-builder.aqara.com) exhibits a cross-origin request sharing vulnerability, which is an instance of "CWE-942: Permissive Cross-domain Policy with Untrusted Domains," and has an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N (8.2 High).
nvd
CVE-2026-50089 | P4 | MEDIUM | CVSS 6.1 | ≥ 2026-04-20, < 02026-06-12
CVE-2026-50089 [MEDIUM] CWE-601: The Aqara IAM/SSO Gateway (gw-builder.aqara.com) provides an open redirect, which is an instance of "CWE-601: URL Redirection to Untrusted Site," with an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N (6.1 Medium), which can be used to set up a phishing attack.
nvd