Dirigera Firmware
CVE-2026-3588
HIGH
Severity by source
AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L
Lifecycle Timeline
2DescriptionCVE.org
A server-side request forgery (SSRF) vulnerability in IKEA Dirigera v2.866.4 allows an attacker to exfiltrate private keys by sending a crafted request.
AnalysisAI
IKEA Dirigera v2.866.4 contains a server-side request forgery vulnerability that enables authenticated attackers with high privileges to extract private cryptographic keys through specially crafted requests. The vulnerability impacts the confidentiality of sensitive authentication material while also introducing integrity and availability risks, though no patch is currently available.
Technical ContextAI
Classified as CWE-918 (Server-Side Request Forgery (SSRF)). Affects IKEA Dirigera v2.866.4. A server-side request forgery (SSRF) vulnerability in IKEA Dirigera v2.866.4 allows an attacker to exfiltrate private keys by sending a crafted request.
RemediationAI
Monitor vendor advisories for a patch.
Same weakness CWE-918 – Server-Side Request Forgery (SSRF)
View allShare
External POC / Exploit Code
Leaving vuln.today