PatchSiren cyber security CVE debrief
CVE-2026-56784 openremote CVE debrief
CVE-2026-56784 is an insecure direct object reference (IDOR) vulnerability in OpenRemote before version 1.25.0. The vulnerability exists in the bulk alarm deletion endpoint and allows authenticated users to permanently delete alarms belonging to other tenants by supplying arbitrary alarm IDs. This is possible because the removeAlarms() method in AlarmResourceImpl.java omits realm-scoping validation in its JPA query. As a result, any user with alarm-write permissions can enumerate sequential auto-increment alarm IDs and delete cross-tenant alarm records without authorization. The CVSS score for this vulnerability is 8.6, indicating a high severity. The vulnerability was published on June 23, 2026, and last modified on the same day.
- Vendor: openremote
- Product: Unknown
- CVSS: HIGH 8.6
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-23
- Original CVE updated: 2026-06-23
- Advisory published: 2026-06-23
- Advisory updated: 2026-06-23
Who should care
Administrators and users of OpenRemote versions prior to 1.25.0 should be aware of this vulnerability and upgrade to version 1.25.0 or later, or apply the necessary patches, without delay. Security teams and vulnerability managers should also prioritize this high-severity vulnerability and ensure that affected systems are remediated promptly.
Technical summary
The IDOR vulnerability in OpenRemote's bulk alarm deletion endpoint allows an authenticated user to delete alarms that belong to other tenants. The cause is the removeAlarms() method in AlarmResourceImpl.java, whose JPA query filters on the supplied alarm IDs but does not restrict the result to the caller's realm. Because alarm IDs are sequential auto-increment values, a user with alarm-write permissions can enumerate them and delete alarms of other tenants without authorization. The vulnerability has a CVSS score of 8.6 and is considered high severity.
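To make the flaw concrete, here is an added illustration (not OpenRemote's code) of the pattern the advisory describes, using an in-memory SQLite table with constructed alarm rows in place of the JPA entity: a bulk delete keyed only by alarm id, beside a realm-scoped version that refuses the whole request when any supplied id lies outside the caller's realm. The table layout, realm names and alarm rows are assumptions made for this example.

```python
import sqlite3


def make_db():
    """Constructed schema: one alarm table shared by all tenants ("realms"),
    with a single auto-increment id sequence, as the advisory describes."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE alarm (id INTEGER PRIMARY KEY AUTOINCREMENT,"
               " realm TEXT NOT NULL, title TEXT)")
    db.executemany("INSERT INTO alarm (realm, title) VALUES (?, ?)", [
        ("tenantA", "pump offline"),   # id 1
        ("tenantB", "door forced"),    # id 2
        ("tenantA", "temp high"),      # id 3
        ("tenantB", "battery low"),    # id 4
    ])
    db.commit()
    return db


def remove_alarms_vulnerable(db, ids):
    """Vulnerable pattern: the predicate is id-only, so every id the caller
    supplies is deleted no matter which realm owns it."""
    marks = ",".join("?" * len(ids))
    cur = db.execute(f"DELETE FROM alarm WHERE id IN ({marks})", list(ids))
    db.commit()
    return cur.rowcount


def remove_alarms_scoped(db, caller_realm, ids):
    """Hardened pattern: the caller's realm is bound into the predicate, and the
    request is rejected before any deletion if fewer rows are visible in that
    realm than ids were requested, so a foreign id fails loudly instead of
    deleting another tenant's record."""
    ids = sorted(set(ids))
    marks = ",".join("?" * len(ids))
    visible = db.execute(
        f"SELECT id FROM alarm WHERE realm = ? AND id IN ({marks})",
        [caller_realm, *ids]).fetchall()
    if len(visible) != len(ids):
        raise PermissionError("alarm id(s) outside the caller's realm")
    cur = db.execute(
        f"DELETE FROM alarm WHERE realm = ? AND id IN ({marks})",
        [caller_realm, *ids])
    db.commit()
    return cur.rowcount


def remaining_realms(db):
    """Realm of each surviving alarm, in id order (used to observe the effect)."""
    return [realm for (realm,) in db.execute("SELECT realm FROM alarm ORDER BY id")]
```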
Defensive priority
High priority should be given to remediating this vulnerability, as it allows for unauthorized deletion of alarms across tenants. Immediate action is recommended to upgrade to OpenRemote version 1.25.0 or later, or to apply necessary patches.
Recommended defensive actions
- Upgrade to OpenRemote version 1.25.0 or later
- Apply necessary patches to remediate the vulnerability
- Restrict access to the bulk alarm deletion endpoint
- Monitor for suspicious activity related to alarm deletion
- Perform regular security audits and vulnerability assessments
Evidence notes
The CVE record and NVD detail provide official information about the vulnerability. Additional sources, including Vulncheck and GitHub advisories, offer further context and details about the vulnerability.
Official resources
This article is AI-assisted and based on the supplied source corpus.