PatchSiren cyber security CVE debrief
CVE-2026-50108 Naxclow CVE debrief
CVE-2026-50108 is a HIGH-severity vulnerability in the Naxclow platform API. The API returns device relay registration details without verifying the requester's identity, allowing an attacker to retrieve credentials for arbitrary devices and register on the relay as that device. This enables interception and disruption of its communications.
- Vendor: Naxclow
- Product: Smart Doorbell X3
- CVSS: HIGH 8.7
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-12
- Original CVE updated: 2026-06-12
- Advisory published: 2026-06-12
- Advisory updated: 2026-06-12
Who should care
Anyone using the Naxclow platform should be aware of this vulnerability and take steps to mitigate it.
Technical summary
The Naxclow platform API has a vulnerability (CVE-2026-50108) that allows an attacker to retrieve credentials for arbitrary devices and register on the relay as that device. This is possible because the API does not verify the requester's identity. The vulnerability has a CVSS score of 8.7 and is considered HIGH-severity.
Defensive priority
High
Recommended defensive actions
- Review and update API authentication and authorization mechanisms to ensure only legitimate devices and owners can access device relay registration details.
- Implement additional security measures, such as token-based authentication or signature verification, to prevent unauthorized access to the API.
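The following sketch shows the two recommended actions together: a signed token identifies the requester, and a per-device ownership check runs before any relay registration details are returned. It is an added example, not Naxclow's code or part of the original advisory; the signing key, device IDs, account names, token format and function names are all hypothetical.

```python
import hashlib
import hmac
import time

# Constructed sample data: key, device IDs, accounts and fields are hypothetical.
SERVER_KEY = b"example-signing-key"
DEVICES = {
    "dev-001": {"owner": "alice", "relay_secret": "relay-secret-A"},
    "dev-002": {"owner": "bob", "relay_secret": "relay-secret-B"},
}

class AuthError(Exception):
    """Requester is unauthenticated or not authorized for the device."""

def _sign(account, expires_at):
    msg = f"{account}|{expires_at}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def issue_token(account, expires_at):
    """Token handed out after login: account|expiry|HMAC-SHA256 tag."""
    return f"{account}|{expires_at}|{_sign(account, expires_at)}"

def authenticate(token, now=None):
    """Return the account named in a valid, unexpired token, else raise."""
    try:
        account, expires_at, tag = token.split("|")
        expiry = int(expires_at)
        given, expected = tag.encode(), _sign(account, expires_at).encode()
    except (AttributeError, ValueError):
        raise AuthError("malformed token") from None
    if not hmac.compare_digest(given, expected):
        raise AuthError("bad signature")
    if expiry < (time.time() if now is None else now):
        raise AuthError("token expired")
    return account

def relay_registration_unchecked(device_id):
    """CWE-862 pattern: anyone who knows a device ID gets its credentials."""
    return DEVICES[device_id]["relay_secret"]

def relay_registration(device_id, token, now=None):
    """Hardened: authenticate the caller, then authorize per device."""
    account = authenticate(token, now)
    device = DEVICES.get(device_id)
    # Same error for unknown and foreign devices, so IDs cannot be probed.
    if device is None or device["owner"] != account:
        raise AuthError("not authorized for this device")
    return device["relay_secret"]
```

Authentication alone does not close a missing-authorization gap: the ownership comparison in `relay_registration` is what stops a valid account from reading another device's credentials.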
Evidence notes
The CVE-2026-50108 vulnerability was reported by an unknown vendor and has a CVSS score of 8.7. The vulnerability is related to CWE-862.
Official resources
CVE-2026-50108 was published on 2026-06-12T19:16:29.633Z and has not been modified since then.