PatchSiren cyber security CVE debrief
CVE-2026-50089 Aqara CVE debrief
CVE-2026-50089 is a Medium severity vulnerability in the Aqara IAM/SSO Gateway (gw-builder.aqara.com). The vulnerability is an instance of CWE-601: URL Redirection to Untrusted Site, which can be exploited to set up a phishing attack. The CVSS score for this vulnerability is 6.1, with an Attack Vector (AV) of Network (N), Attack Complexity (AC) of Low (L), Privileges Required (PR) of None (N), User Interaction (UI) of Required (R), Scope (S) of Changed (C), Confidentiality (C) of Low (L), Integrity (I) of Low (L), and Availability (A) of None (N).
- Vendor: Aqara
- Product: Aqara IAM/SSO Gateway
- CVSS: MEDIUM 6.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-12
- Original CVE updated: 2026-06-12
- Advisory published: 2026-06-12
- Advisory updated: 2026-06-12
Who should care
Anyone using the Aqara IAM/SSO Gateway should be aware of this vulnerability and take steps to mitigate it.
Technical summary
The Aqara IAM/SSO Gateway exposes an open redirect: it can be used to redirect users to an untrusted site. This can be exploited to set up a phishing attack.
Defensive priority
Medium
Recommended defensive actions
- Apply patches or updates provided by the vendor to fix the vulnerability.
- Implement additional security measures, such as input validation and output encoding, to prevent similar vulnerabilities.
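For the input validation recommended above, the following added example (not vendor or advisory code) checks a redirect destination before it is used. It assumes the gateway host named in this debrief is the only allowed absolute destination; the fallback path, the sample paths and evil.example are constructed placeholders.

```python
from urllib.parse import urlsplit

# Assumption: the gateway's own host (named in this debrief) is the only
# absolute destination a login flow may legitimately return to.
ALLOWED_HOSTS = frozenset({"gw-builder.aqara.com"})
DEFAULT_TARGET = "/"  # hypothetical fallback landing path


def is_safe_redirect(target, allowed_hosts=ALLOWED_HOSTS):
    """True only for a same-site absolute path or an https URL on an allowlisted host."""
    if not isinstance(target, str) or not target or len(target) > 2048:
        return False
    # Browsers drop tabs/newlines and read "\" as "/", so refuse them outright.
    if "\\" in target or target != target.strip():
        return False
    if any(ch < " " or ch == "\x7f" for ch in target):
        return False
    try:
        parts = urlsplit(target)
        if not parts.scheme and not parts.netloc:
            # Relative reference: require "/path", which also excludes "//host".
            return target.startswith("/") and not target.startswith("//")
        if parts.scheme != "https" or parts.port not in (None, 443):
            return False
        if parts.username is not None or parts.password is not None:
            return False  # userinfo before "@" can disguise the real host
        host = (parts.hostname or "").rstrip(".")
    except ValueError:  # malformed port or bracketed host
        return False
    return host in allowed_hosts  # exact match, never a substring or suffix test


def resolve_redirect(target, default=DEFAULT_TARGET):
    """Destination to send the browser to; unsafe input falls back to default."""
    return target if is_safe_redirect(target) else default


# Constructed inputs for illustration only.
SAMPLES = [
    "/console/devices?tab=1",
    "https://gw-builder.aqara.com/login/callback",
    "//evil.example/login",
    "https://gw-builder.aqara.com.evil.example/",
    "https://gw-builder.aqara.com@evil.example/",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r:50} -> {resolve_redirect(sample)!r}")
```

Logging each rejected destination together with the requesting client gives defenders a signal that the redirect is being probed.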
Evidence notes
The vulnerability was reported by an unknown vendor and has a low confidence level.
Official resources
- CVE-2026-50089 CVE record (CVE.org)
- CVE-2026-50089 NVD detail (NVD)
- Source item URL: nvd_modified
- Source reference: 44488dab-36db-4358-99f9-bc116477f914
CVE-2026-50089 was published on 2026-06-12T16:16:32.513Z and modified on 2026-06-12T17:16:26.050Z.