Skip to main content

Aquara Iam Sso Gateway

1 CVEs product

Monthly

CVE-2026-50083 CRITICAL PATCH Act Now

Authentication bypass in the Aqara IAM/SSO Gateway (gw-builder.aqara.com) stems from a hardcoded OAuth client credential shipped in the identity backend, letting remote attackers impersonate a trusted OAuth client and subvert the single sign-on trust boundary. Discovered by runZero and tracked as EUVD-2026-36473, it carries a critical CVSS of 9.8 and a proof-of-concept is publicly available, though EPSS (0.03%) shows no evidence of widespread automated exploitation. On its own it compromises the SSO/authorization layer, but chained with CVE-2026-50082, CVE-2026-50084, and CVE-2026-50085 it enables a fully unauthenticated remote takeover of affected devices.

Authentication Bypass Aquara Iam Sso Gateway
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Authentication bypass in the Aqara IAM/SSO Gateway (gw-builder.aqara.com) stems from a hardcoded OAuth client credential shipped in the identity backend, letting remote attackers impersonate a trusted OAuth client and subvert the single sign-on trust boundary. Discovered by runZero and tracked as EUVD-2026-36473, it carries a critical CVSS of 9.8 and a proof-of-concept is publicly available, though EPSS (0.03%) shows no evidence of widespread automated exploitation. On its own it compromises the SSO/authorization layer, but chained with CVE-2026-50082, CVE-2026-50084, and CVE-2026-50085 it enables a fully unauthenticated remote takeover of affected devices.

Authentication Bypass Aquara Iam Sso Gateway
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy