CVE-2026-6411 affects MAXHUB Pivot client application versions prior to v1.36.2. According to the CISA advisory, the application may let an attacker recover encrypted tenant email addresses and related metadata from any tenant because a hardcoded AES key is present in the client. The same advisory notes a denial-of-service risk if an attacker enrolls multiple unauthorized devices into a tenant via MQ [truncated]
A critical authentication vulnerability exists in the MAXHUB Pivot client application, in which the password reset mechanism is implemented with insufficient security controls. The weakness allows unauthenticated remote attackers to bypass authentication and take over user accounts without requiring prior access or user interaction. This vulnerability is particularly severe for industrial control system envir [truncated]