PatchSiren

MAXHUB CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH MAXHUB CVE published 2026-05-07

CVE-2026-6411

CVE-2026-6411 affects MAXHUB Pivot client application versions prior to v1.36.2. According to the CISA advisory, the application may let an attacker recover encrypted tenant email addresses and related metadata from any tenant because a hardcoded AES key is present in the client. The same advisory also notes a denial-of-service risk if an attacker enrolls multiple unauthorized devices into a tenant via MQ [truncated]

HIGH MAXHUB CVE published 2025-12-04

CVE-2025-53704

A critical authentication vulnerability exists in the MAXHUB Pivot client application where the password reset mechanism is implemented with insufficient security controls. The weakness allows unauthenticated remote attackers to bypass authentication and take over user accounts without requiring prior access or user interaction. This vulnerability is particularly severe for industrial control system envir [truncated]