PatchSiren cyber security CVE debrief
CVE-2026-50088 Aqara CVE debrief
CVE-2026-50088 is a high-severity vulnerability (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N, 8.2 High) affecting the Aqara Developer Portal (developer.aqara.com) and shared test environments (developer-test.aqara.com, aiot-test.aqara.com). The vulnerability is an instance of CWE-942: Permissive Cross-domain Policy with Untrusted Domains, allowing cross-origin request sharing.
- Vendor: Aqara
- Product: Aqara Developer Portal
- CVSS: HIGH 8.2
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-12
- Original CVE updated: 2026-06-12
- Advisory published: 2026-06-12
- Advisory updated: 2026-06-12
Who should care
Users of the Aqara Developer Portal and shared test environments should be aware of this vulnerability and take necessary precautions.
Technical summary
The Aqara Developer Portal and shared test environments exhibit cross-origin request sharing, which is an instance of CWE-942: Permissive Cross-domain Policy with Untrusted Domains.
Defensive priority
High
Recommended defensive actions
- Review and update the cross-domain policy to restrict access to trusted domains only.
- Implement proper validation and sanitization of requests to prevent unauthorized access.
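One way to implement the first action above, shown as an added example that is not Aqara's code and not part of the original advisory: an exact-match origin allowlist that decides which CORS headers a response receives. The trusted origins and function names are constructed placeholders, and the sketch assumes the API is called with credentials.

```javascript
// Added example: exact-match CORS origin allowlist (hypothetical names).
// The origins below are constructed placeholders, not values from the advisory.
const TRUSTED_ORIGINS = new Set([
  "https://console.example.com",
  "https://partner.example.net",
]);

// Normalize an Origin header value to scheme://host[:port]. Returns null when
// the value is missing, the literal "null", unparsable, or not an https origin.
function normalizeOrigin(value) {
  if (typeof value !== "string" || value === "" || value === "null") return null;
  let url;
  try {
    url = new URL(value);
  } catch {
    return null;
  }
  if (url.protocol !== "https:") return null;
  // A genuine Origin header carries no credentials, path, query or fragment.
  if (url.username || url.password || url.pathname !== "/" || url.search || url.hash) {
    return null;
  }
  return url.origin;
}

// Build the CORS response headers for one request's Origin header.
// The origin is compared as a whole string: no prefix, suffix or regex
// matching, so look-alike hosts never satisfy the check.
function corsHeadersFor(originHeader) {
  // Vary: Origin keeps shared caches from serving one origin's answer to another.
  const headers = { Vary: "Origin" };
  const origin = normalizeOrigin(originHeader);
  if (origin !== null && TRUSTED_ORIGINS.has(origin)) {
    headers["Access-Control-Allow-Origin"] = origin;
    headers["Access-Control-Allow-Credentials"] = "true";
  }
  // Untrusted origins get no Access-Control-Allow-* header at all, so the
  // browser refuses to expose the response to the calling page.
  return headers;
}

// Constructed sample Origin values, including common bypass shapes.
for (const o of ["https://console.example.com", "null", "http://console.example.com",
                 "https://console.example.com.untrusted.test"]) {
  console.log(o, "->", corsHeadersFor(o)["Access-Control-Allow-Origin"] || "(denied)");
}
```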
Evidence notes
Evidence of this vulnerability was provided by Runzero.
Official resources
- CVE-2026-50088 CVE record (CVE.org)
- CVE-2026-50088 NVD detail (NVD)
- Source item URL: nvd_modified
- Source reference: 44488dab-36db-4358-99f9-bc116477f914
CVE-2026-50088 was published on 2026-06-12T16:16:32.403Z and modified on 2026-06-12T17:16:25.940Z.