These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2026-32649 is a command injection issue in the web server of specific Milesight camera firmware. CISA’s advisory (ICSA-26-113-03) was published on 2026-04-23 and identifies affected device families, with vendor firmware updates provided as the primary remediation. The supplied advisory also assigns SSVCv2 values of Exploitation: Possible and Automatable: Yes.
CVE-2026-32644 covers Milesight AIOT camera firmware versions that use SSL certificates with default private keys. CISA published the advisory on 2026-04-23 and lists a wide set of affected camera families. The core risk is that TLS/SSL trust for impacted devices can no longer be assumed to be unique to each installation, which can undermine device identity and expose encrypted management or service traff [truncated]
CVE-2026-28747 affects specific Milesight AIOT camera firmware and involves weak key generation. CISA’s advisory points administrators to vendor firmware updates for the impacted models. Based on the supplied enrichment, it is not listed in CISA KEV, so this is best treated as a high-priority patching and asset-validation issue rather than a confirmed active-exploitation case.
CISA’s advisory ICSA-26-113-03 says specific Milesight AIOT camera firmware versions contain hard-coded credentials. Milesight recommends updating affected devices to the fixed firmware releases listed in the advisory; the supplied enrichment does not include a KEV entry.
CVE-2026-20766 is a high-severity Milesight camera firmware issue involving an out-of-bounds memory access condition in specific firmware versions. CISA published the advisory on 2026-04-23 and rated the issue with SSVC v2 as exploitation potentially possible and automatable, while the CVSS v3.1 vector reflects network reachability with required user interaction and high confidentiality, integrity, and av [truncated]