Skip to main content

Droneaware Node Releases

1 CVEs product

Monthly

CVE-2026-48117 MEDIUM This Month

Account pre-hijacking in the centralized droneaware.io cloud platform allowed unauthenticated attackers to register an account using a victim's email address with an attacker-controlled password prior to the victim completing account activation. Once the legitimate owner activated their account - either via an email verification link or by authenticating through Google SSO - the attacker-set password remained fully valid, granting silent and persistent account takeover with no notification to the victim. The vulnerability was remediated server-side by the vendor on 2025-05-20; no public exploit or CISA KEV listing has been identified, and no user action is required.

Authentication Bypass Google Droneaware Node Releases
NVD GitHub
CVSS 3.1
6.8
EPSS
0.2%
EPSS 0% CVSS 6.8
MEDIUM This Month

Account pre-hijacking in the centralized droneaware.io cloud platform allowed unauthenticated attackers to register an account using a victim's email address with an attacker-controlled password prior to the victim completing account activation. Once the legitimate owner activated their account - either via an email verification link or by authenticating through Google SSO - the attacker-set password remained fully valid, granting silent and persistent account takeover with no notification to the victim. The vulnerability was remediated server-side by the vendor on 2025-05-20; no public exploit or CISA KEV listing has been identified, and no user action is required.

Authentication Bypass Google Droneaware Node Releases
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy