CWE-942
AllowedPermissive Cross-domain Security Policy with Untrusted Domains
Abstraction: Variant · Status: Incomplete
The product uses a web-client protection mechanism such as a Content Security Policy (CSP) or cross-domain policy file, but the policy includes untrusted domains with which the web client is allowed to communicate.
176 vulnerabilities reference this CWE, most recent first.
CVE-2026-59726 (GCVE-0-2026-59726)
Vulnerability from cvelistv5 – Published: 2026-07-09 17:31 – Updated: 2026-07-09 18:43| URL | Tags |
|---|---|
| https://github.com/ruvnet/ruflo/security/advisori… | x_refsource_CONFIRM |
| https://github.com/ruvnet/ruflo/pull/2521 | x_refsource_MISC |
| https://github.com/ruvnet/ruflo/commit/d00a0a40cd… | x_refsource_MISC |
| https://github.com/ruvnet/ruflo/releases/tag/v3.16.3 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-59726",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-09T18:43:19.456381Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T18:43:24.749Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ruflo",
"vendor": "ruvnet",
"versions": [
{
"status": "affected",
"version": "\u003c 3.16.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Ruflo is an agent meta-harness for Claude Code and Codex. Prior to 3.16.3, ruflo\u0027s default docker-compose deployment exposed the MCP bridge POST /mcp and POST /mcp/:group endpoints without authentication, allowing an unauthenticated network attacker to invoke tools/call to terminal_execute, obtain a shell in the bridge container, read provider API keys, and poison AgentDB learning-store patterns. This issue is fixed in version 3.16.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306: Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-942",
"description": "CWE-942: Permissive Cross-domain Policy with Untrusted Domains",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T17:31:20.627Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/ruvnet/ruflo/security/advisories/GHSA-c4hm-4h84-2cf3",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ruvnet/ruflo/security/advisories/GHSA-c4hm-4h84-2cf3"
},
{
"name": "https://github.com/ruvnet/ruflo/pull/2521",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ruvnet/ruflo/pull/2521"
},
{
"name": "https://github.com/ruvnet/ruflo/commit/d00a0a40cd8bdbca877ac7f675f416bdc69accd1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ruvnet/ruflo/commit/d00a0a40cd8bdbca877ac7f675f416bdc69accd1"
},
{
"name": "https://github.com/ruvnet/ruflo/releases/tag/v3.16.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ruvnet/ruflo/releases/tag/v3.16.3"
}
],
"source": {
"advisory": "GHSA-c4hm-4h84-2cf3",
"discovery": "UNKNOWN"
},
"title": "Ruflo: Unauthenticated RCE in MCP bridge default docker-compose deployment"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-59726",
"datePublished": "2026-07-09T17:31:20.627Z",
"dateReserved": "2026-07-06T15:34:16.917Z",
"dateUpdated": "2026-07-09T18:43:24.749Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-59148 (GCVE-0-2026-59148)
Vulnerability from cvelistv5 – Published: 2026-07-09 18:27 – Updated: 2026-07-09 19:24| URL | Tags |
|---|---|
| https://github.com/mockoon/mockoon/security/advis… | x_refsource_CONFIRM |
| https://github.com/mockoon/mockoon/pull/2254 | x_refsource_MISC |
| https://github.com/mockoon/mockoon/commit/c420b5a… | x_refsource_MISC |
| https://github.com/mockoon/mockoon/releases/tag/v9.7.0 | x_refsource_MISC |
| https://mockoon.com/releases/9.7.0 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-59148",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-09T19:24:39.649769Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T19:24:49.203Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/mockoon/mockoon/security/advisories/GHSA-rqx4-3f6q-3x2v"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "mockoon",
"vendor": "mockoon",
"versions": [
{
"status": "affected",
"version": "\u003c 9.7.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mockoon provides way to design and run mock APIs. Prior to 9.7.0, Mockoon\u0027s admin API in commons-server/src/libs/server/admin-api.ts is mounted on the same Express listener as user-defined mock routes, enabled by default in shipped runtimes, serves Access-Control-Allow-Origin: * with write methods allowed, and has no authentication. Any unauthenticated caller who can reach the mock server port can read MOCKOON_* environment variables, write arbitrary process environment variables through /mockoon-admin/env-vars, rewrite mock route bodies, statuses, and headers through PUT /mockoon-admin/environment, read transaction logs and SSE streams, and purge state. This issue is fixed in version 9.7.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306: Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352: Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732: Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-942",
"description": "CWE-942: Permissive Cross-domain Policy with Untrusted Domains",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T18:27:18.579Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/mockoon/mockoon/security/advisories/GHSA-rqx4-3f6q-3x2v",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mockoon/mockoon/security/advisories/GHSA-rqx4-3f6q-3x2v"
},
{
"name": "https://github.com/mockoon/mockoon/pull/2254",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mockoon/mockoon/pull/2254"
},
{
"name": "https://github.com/mockoon/mockoon/commit/c420b5a56918475b8663977b51e5f986e45b3299",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mockoon/mockoon/commit/c420b5a56918475b8663977b51e5f986e45b3299"
},
{
"name": "https://github.com/mockoon/mockoon/releases/tag/v9.7.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mockoon/mockoon/releases/tag/v9.7.0"
},
{
"name": "https://mockoon.com/releases/9.7.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://mockoon.com/releases/9.7.0"
}
],
"source": {
"advisory": "GHSA-rqx4-3f6q-3x2v",
"discovery": "UNKNOWN"
},
"title": "Mockoon: Unauthenticated admin API + wildcard CORS allows mock-state hijack and secret theft"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-59148",
"datePublished": "2026-07-09T18:27:18.579Z",
"dateReserved": "2026-07-02T16:50:27.886Z",
"dateUpdated": "2026-07-09T19:24:49.203Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-57957 (GCVE-0-2026-57957)
Vulnerability from cvelistv5 – Published: 2026-06-29 17:23 – Updated: 2026-07-14 21:34 X_Open Source- CWE-942 - Permissive Cross-domain Security Policy with Untrusted Domains
| URL | Tags |
|---|---|
| https://github.com/papermark/papermark/issues/2178 | issue-tracking |
| https://github.com/AstoKr/papermark/pull/1 | issue-tracking |
| https://www.vulncheck.com/advisories/papermark-co… | third-party-advisory |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-57957",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-01T14:19:49.048856Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T14:20:01.147Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:github/papermark/papermark",
"product": "papermark",
"repo": "https://github.com/papermark/papermark",
"vendor": "papermark",
"versions": [
{
"lessThanOrEqual": "0.22.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:papermark:papermark:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.22.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "George Chen"
}
],
"datePublic": "2026-06-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Papermark through 0.22.0 contains a cross-origin resource sharing (CORS) misconfiguration vulnerability that allows unauthenticated remote attackers to perform credentialed cross-origin requests by exploiting the TUS-based viewer upload endpoint reflecting arbitrary request Origins with Access-Control-Allow-Credentials set to true. Attackers can lure authenticated victims to malicious pages that silently issue credentialed cross-origin requests to upload arbitrary files into victim datarooms and read credentialed responses."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 2.3,
"baseSeverity": "LOW",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-942",
"description": "Permissive Cross-domain Security Policy with Untrusted Domains",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T21:34:45.128Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "Researcher Disclosure",
"tags": [
"issue-tracking"
],
"url": "https://github.com/papermark/papermark/issues/2178"
},
{
"name": "Findings Summary",
"tags": [
"issue-tracking"
],
"url": "https://github.com/AstoKr/papermark/pull/1"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/papermark-cors-misconfiguration-in-viewer-upload-endpoint"
}
],
"tags": [
"x_open-source"
],
"title": "Papermark 0.22.0 - CORS Misconfiguration in Viewer Upload Endpoint",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-57957",
"datePublished": "2026-06-29T17:23:10.419Z",
"dateReserved": "2026-06-26T13:59:33.048Z",
"dateUpdated": "2026-07-14T21:34:45.128Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-56458 (GCVE-0-2026-56458)
Vulnerability from cvelistv5 – Published: 2026-07-09 08:51 – Updated: 2026-07-09 12:34- CWE-942 - Permissive cross-domain security policy with untrusted domains
| Vendor | Product | Version | |
|---|---|---|---|
| HCLSoftware | HCL DevOps Deploy |
Affected:
8.1-8.1.2.6, 8.2-8.2.1.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-56458",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-09T12:34:18.620355Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T12:34:23.917Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HCL DevOps Deploy",
"vendor": "HCLSoftware",
"versions": [
{
"status": "affected",
"version": "8.1-8.1.2.6, 8.2-8.2.1.0"
}
]
}
],
"datePublic": "2026-07-09T08:50:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eHCL DevOps Deploy uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains.\u003c/p\u003e"
}
],
"value": "HCL DevOps Deploy uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-942",
"description": "CWE-942 Permissive cross-domain security policy with untrusted domains",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T08:51:07.571Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0131695"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL DevOps Deploy is susceptible to a Permissive Cross-domain Security Policy with Untrusted Domains",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2026-56458",
"datePublished": "2026-07-09T08:51:07.571Z",
"dateReserved": "2026-06-22T13:38:32.649Z",
"dateUpdated": "2026-07-09T12:34:23.917Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-56076 (GCVE-0-2026-56076)
Vulnerability from cvelistv5 – Published: 2026-06-18 22:12 – Updated: 2026-06-22 17:16- CWE-942 - Permissive Cross-domain Security Policy with Untrusted Domains
| URL | Tags |
|---|---|
| https://github.com/MervinPraison/PraisonAI/securi… | vendor-advisory |
| https://www.vulncheck.com/advisories/praisonai-cr… | third-party-advisory |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-56076",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-22T15:36:05.630759Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-22T17:16:20.117Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-x462-jjpc-q4q4"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PraisonAI",
"vendor": "PraisonAI",
"versions": [
{
"lessThan": "1.5.128",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "1.5.128",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:praison:praisonai:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.5.128",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "offset"
}
],
"datePublic": "2026-04-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "PraisonAI before 1.5.128 contains a cross-origin agent execution vulnerability in the AGUI endpoint that allows remote attackers to trigger arbitrary agent execution. The POST /agui endpoint lacks authentication and hardcodes Access-Control-Allow-Origin: * headers, combined with Starlette\u0027s Content-Type-agnostic JSON parsing, enabling attackers to bypass CORS preflight checks via simple requests and exfiltrate sensitive agent responses including tool execution results and environment data."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-942",
"description": "Permissive Cross-domain Security Policy with Untrusted Domains",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-18T22:12:24.090Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "GHSA Advisory GHSA-x462-jjpc-q4q4",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-x462-jjpc-q4q4"
},
{
"name": "VulnCheck Advisory: PraisonAI - Cross-Origin Agent Execution via Hardcoded Wildcard CORS and Missing Authentication on AGUI Endpoint",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/praisonai-cross-origin-agent-execution-via-hardcoded-wildcard-cors-and-missing-authentication-on-agui-endpoint"
}
],
"title": "PraisonAI - Cross-Origin Agent Execution via Hardcoded Wildcard CORS and Missing Authentication on AGUI Endpoint",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-56076",
"datePublished": "2026-06-18T22:12:24.090Z",
"dateReserved": "2026-06-18T15:57:20.434Z",
"dateUpdated": "2026-06-22T17:16:20.117Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-55110 (GCVE-0-2026-55110)
Vulnerability from cvelistv5 – Published: 2026-07-02 14:49 – Updated: 2026-07-02 15:52- CWE-942 - Permissive Cross-domain Policy with Untrusted Domains
| Vendor | Product | Version | |
|---|---|---|---|
| Ubiquiti Inc | UniFi OS Server |
Affected:
0 , < 5.1.19
(semver)
|
|
| Ubiquiti Inc | Dream Machines |
Affected:
0 , < 5.1.19
(semver)
|
|
| Ubiquiti Inc | Enterprise Fortress Gateway |
Affected:
0 , < 5.1.19
(semver)
|
|
| Ubiquiti Inc | Dream Wall |
Affected:
0 , < 5.1.19
(semver)
|
|
| Ubiquiti Inc | Dream Routers |
Affected:
0 , < 5.1.19
(semver)
|
|
| Ubiquiti Inc | Express 7 |
Affected:
0 , < 5.1.19
(semver)
|
|
| Ubiquiti Inc | Cloud Keys |
Affected:
0 , < 5.1.19
(semver)
|
|
| Ubiquiti Inc | Network Video Recorders |
Affected:
0 , < 5.1.19
(semver)
|
|
| Ubiquiti Inc | Enterprise Video Recorders |
Affected:
0 , < 5.1.19
(semver)
|
|
| Ubiquiti Inc | Cloud Gateways |
Affected:
0 , < 5.1.19
(semver)
|
|
| Ubiquiti Inc | Network Attached Storage |
Affected:
0 , < 5.1.19
(semver)
|
|
| Ubiquiti Inc | Enterprise Firewall Core |
Affected:
0 , < 5.1.19
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-55110",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-02T15:41:35.927153Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-02T15:52:20.711Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UniFi OS Server",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "5.1.19",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dream Machines",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "5.1.19",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Enterprise Fortress Gateway",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "5.1.19",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dream Wall",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "5.1.19",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dream Routers",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "5.1.19",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Express 7",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "5.1.19",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Cloud Keys",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "5.1.19",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Network Video Recorders",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "5.1.19",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Enterprise Video Recorders",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "5.1.19",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Cloud Gateways",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "5.1.19",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Network Attached Storage",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "5.1.19",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Enterprise Firewall Core",
"vendor": "Ubiquiti Inc",
"versions": [
{
"lessThan": "5.1.19",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A malicious actor who lures an authenticated user to a malicious page could exploit a Cross-Origin Resource Sharing (CORS) misconfiguration found in UniFi OS to trigger actions in UniFi OS using that user\u0027s session."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-942",
"description": "CWE-942 Permissive Cross-domain Policy with Untrusted Domains",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-02T14:49:16.794Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-066-066/984eceb3-49c8-4227-942d-671c289b3afc"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2026-55110",
"datePublished": "2026-07-02T14:49:16.794Z",
"dateReserved": "2026-06-16T15:00:01.614Z",
"dateUpdated": "2026-07-02T15:52:20.711Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-54753 (GCVE-0-2026-54753)
Vulnerability from cvelistv5 – Published: 2026-06-26 18:13 – Updated: 2026-06-26 19:09| URL | Tags |
|---|---|
| https://github.com/nrwl/nx/security/advisories/GH… | x_refsource_CONFIRM |
| https://github.com/nrwl/nx/pull/35494 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-54753",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-26T19:09:19.972525Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-26T19:09:33.257Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "nx",
"vendor": "nrwl",
"versions": [
{
"status": "affected",
"version": "\u003e= 17.0.4, \u003c 22.7.2"
},
{
"status": "affected",
"version": "\u003e= 23.0.0-beta.0, \u003c 23.0.0-beta.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nx is a monorepo solution for TypeScript and polyglot codebases. From 17.0.4 until 22.7.2 and 23.0.0-beta.2, the local HTTP server started by nx graph sent Access-Control-Allow-Origin: * on every response, letting any website a developer visited read the server\u0027s responses cross-origin \u2014 including the full project graph and the output of the /help endpoint, which runs a target\u0027s configured help command. The practical impact is typically cross-origin information disclosure, but can be arbitrary command injection in rare cases. This vulnerability is fixed in 22.7.2 and 23.0.0-beta.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-749",
"description": "CWE-749: Exposed Dangerous Method or Function",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-942",
"description": "CWE-942: Permissive Cross-domain Policy with Untrusted Domains",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-26T18:13:34.371Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nrwl/nx/security/advisories/GHSA-g2r8-wvmj-jf5w",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nrwl/nx/security/advisories/GHSA-g2r8-wvmj-jf5w"
},
{
"name": "https://github.com/nrwl/nx/pull/35494",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nrwl/nx/pull/35494"
}
],
"source": {
"advisory": "GHSA-g2r8-wvmj-jf5w",
"discovery": "UNKNOWN"
},
"title": "Nx: `nx graph` dev server permissive CORS policy"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-54753",
"datePublished": "2026-06-26T18:13:34.371Z",
"dateReserved": "2026-06-15T23:12:41.965Z",
"dateUpdated": "2026-06-26T19:09:33.257Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-54290 (GCVE-0-2026-54290)
Vulnerability from cvelistv5 – Published: 2026-06-22 17:15 – Updated: 2026-06-22 17:26- CWE-942 - Permissive Cross-domain Policy with Untrusted Domains
| URL | Tags |
|---|---|
| https://github.com/honojs/hono/security/advisorie… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-54290",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-22T17:26:00.514535Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-22T17:26:12.791Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "hono",
"vendor": "honojs",
"versions": [
{
"status": "affected",
"version": "\u003c 4.12.25"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, with credentials: true and no explicit origin (the default wildcard), the CORS Middleware reflects the request\u0027s Origin and sends Access-Control-Allow-Credentials: true. Any site can then make credentialed cross-origin requests and read the responses, exposing cookie-authenticated endpoints to arbitrary origins. This vulnerability is fixed in 4.12.25."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-942",
"description": "CWE-942: Permissive Cross-domain Policy with Untrusted Domains",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-22T17:15:35.689Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/honojs/hono/security/advisories/GHSA-88fw-hqm2-52qc",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/honojs/hono/security/advisories/GHSA-88fw-hqm2-52qc"
}
],
"source": {
"advisory": "GHSA-88fw-hqm2-52qc",
"discovery": "UNKNOWN"
},
"title": "Hono: CORS Middleware reflects any Origin with credentials when `origin` defaults to the wildcard"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-54290",
"datePublished": "2026-06-22T17:15:35.689Z",
"dateReserved": "2026-06-12T17:46:37.293Z",
"dateUpdated": "2026-06-22T17:26:12.791Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-50088 (GCVE-0-2026-50088)
Vulnerability from cvelistv5 – Published: 2026-06-12 15:01 – Updated: 2026-06-12 15:51- CWE-942 - Permissive cross-domain security policy with untrusted domains
| URL | Tags |
|---|---|
| https://github.com/xn0tsa/theres-no-place-like-home | technical-description |
| https://www.runzero.com/advisories/aqara-dev-port… | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Aqara | Aqara Developer Portal |
Affected:
2026-04-20 , < 0
(date)
|
|
| Aqara | Aqara Developer Test Portal |
Affected:
2026-04-20 , < 0
(date)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-50088",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-12T15:51:00.517874Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-12T15:51:21.684Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/xn0tsa/theres-no-place-like-home"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Aqara Developer Portal",
"vendor": "Aqara",
"versions": [
{
"lessThan": "0",
"status": "affected",
"version": "2026-04-20",
"versionType": "date"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Aqara Developer Test Portal",
"vendor": "Aqara",
"versions": [
{
"lessThan": "0",
"status": "affected",
"version": "2026-04-20",
"versionType": "date"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Sammy Azdoufal"
},
{
"lang": "en",
"type": "coordinator",
"value": "Tod Beardsley of runZero, Inc."
}
],
"datePublic": "2026-06-12T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Aqara Developer Portal (developer.aqara.com) and shared test environments (developer-test.aqara.com, aiot-test.aqara.com) exhibit cross-origin request sharing, which is an instance of \"CWE-942: Permissive Cross-domain Policy with Untrusted Domains,\" and has an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N (8.2 High)."
}
],
"value": "The Aqara Developer Portal (developer.aqara.com) and shared test environments (developer-test.aqara.com, aiot-test.aqara.com) exhibit cross-origin request sharing, which is an instance of \"CWE-942: Permissive Cross-domain Policy with Untrusted Domains,\" and has an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N (8.2 High)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-942",
"description": "CWE-942 Permissive cross-domain security policy with untrusted domains",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-12T15:01:49.680Z",
"orgId": "44488dab-36db-4358-99f9-bc116477f914",
"shortName": "runZero"
},
"references": [
{
"tags": [
"technical-description"
],
"url": "https://github.com/xn0tsa/theres-no-place-like-home"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.runzero.com/advisories/aqara-dev-portal-cors-cve-2026-50088"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Aqara Developer Portal cross-origin resource sharing",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "44488dab-36db-4358-99f9-bc116477f914",
"assignerShortName": "runZero",
"cveId": "CVE-2026-50088",
"datePublished": "2026-06-12T15:01:49.680Z",
"dateReserved": "2026-06-03T14:25:34.982Z",
"dateUpdated": "2026-06-12T15:51:21.684Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-50087 (GCVE-0-2026-50087)
Vulnerability from cvelistv5 – Published: 2026-06-12 15:01 – Updated: 2026-06-12 15:52- CWE-942 - Permissive cross-domain security policy with untrusted domains
| URL | Tags |
|---|---|
| https://github.com/xn0tsa/theres-no-place-like-home | technical-description |
| https://www.runzero.com/advisories/aqara-iam-sso-… | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Aqara | Aqara IAM/SSO Gateway |
Affected:
2026-04-20 , < 0
(date)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-50087",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-12T15:51:57.814157Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-12T15:52:19.433Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/xn0tsa/theres-no-place-like-home"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Aqara IAM/SSO Gateway",
"vendor": "Aqara",
"versions": [
{
"lessThan": "0",
"status": "affected",
"version": "2026-04-20",
"versionType": "date"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Sammy Azdoufal"
},
{
"lang": "en",
"type": "coordinator",
"value": "Tod Beardsley of runZero, Inc."
}
],
"datePublic": "2026-06-12T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Aqara IAM/SSO gateway (gw-builder.aqara.com) exhibits a cross-origin request sharing vulnerability, which is an instance of \"CWE-942: Permissive Cross-domain Policy with Untrusted Domains,\" and has an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N (8.2 High)."
}
],
"value": "The Aqara IAM/SSO gateway (gw-builder.aqara.com) exhibits a cross-origin request sharing vulnerability, which is an instance of \"CWE-942: Permissive Cross-domain Policy with Untrusted Domains,\" and has an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N (8.2 High)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-942",
"description": "CWE-942 Permissive cross-domain security policy with untrusted domains",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-12T15:01:37.508Z",
"orgId": "44488dab-36db-4358-99f9-bc116477f914",
"shortName": "runZero"
},
"references": [
{
"tags": [
"technical-description"
],
"url": "https://github.com/xn0tsa/theres-no-place-like-home"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.runzero.com/advisories/aqara-iam-sso-cors-cve-2026-50087"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Aqara IAM/SSO Gateway cross-origin resource sharing",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "44488dab-36db-4358-99f9-bc116477f914",
"assignerShortName": "runZero",
"cveId": "CVE-2026-50087",
"datePublished": "2026-06-12T15:01:37.508Z",
"dateReserved": "2026-06-03T14:25:34.982Z",
"dateUpdated": "2026-06-12T15:52:19.433Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation
Strategy: Attack Surface Reduction
Define a restrictive Content Security Policy [REF-1486] or cross-domain policy file.
Mitigation
Strategy: Attack Surface Reduction
Avoid using wildcards in the CSP / cross-domain policy file. Any domain matching the wildcard expression will be implicitly trusted, and can perform two-way interaction with the target server.
Mitigation
Strategy: Environment Hardening
For Flash, modify crossdomain.xml to use meta-policy options such as 'master-only' or 'none' to reduce the possibility of an attacker planting extraneous cross-domain policy files on a server.
No CAPEC attack patterns related to this CWE.