PatchSiren

Domoticz CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM Domoticz CVE published 2026-03-25

CVE-2026-1001

CVE-2026-1001 is a stored cross-site scripting vulnerability in Domoticz versions prior to 2026.1. The vulnerability exists in the Add Hardware and rename device functionality of the web interface, allowing authenticated administrators to execute arbitrary scripts by supplying crafted names containing script or HTML markup. This could lead to unauthorized actions within the session context of users viewin [truncated]