Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Fri, 12 Jun 2026 20:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Aqara
Aqara aqara Iam/sso Gateway |
|
| Vendors & Products |
Aqara
Aqara aqara Iam/sso Gateway |
Fri, 12 Jun 2026 16:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Fri, 12 Jun 2026 15:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | The Aqara IAM/SSO Gateway (gw-builder.aqara.com) provides an open redirect, which is an instance of "CWE-601: URL Redirection to Untrusted Site," with an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N (6.1 Medium), which can be used to set up a phishing attack. | |
| Title | Aqara IAM/SSO Gateway open redirect | |
| Weaknesses | CWE-601 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: runZero
Published:
Updated: 2026-06-12T15:50:31.374Z
Reserved: 2026-06-03T14:25:34.982Z
Link: CVE-2026-50089
Updated: 2026-06-12T15:50:26.443Z
Status : Awaiting Analysis
Published: 2026-06-12T16:16:32.513
Modified: 2026-06-12T17:16:26.050
Link: CVE-2026-50089
No data.
OpenCVE Enrichment
Updated: 2026-06-12T20:19:41Z