CVE Catalog
CVE-2026-36906
MediumCVSS 6.1Exploitation Probability (EPSS)
Low risk0.23%
13th percentile - higher than 13% of all known CVEs
Summary
A Cross-Site Scripting (XSS) vulnerability has been discovered in IoTGateway version 3.0.1 within the Log Record Function. This allows a remote attacker to execute arbitrary JavaScript code in the victim's browser.
Risk Assessment
An attacker could hijack an administrator session, steal credentials, or spread malware within the organization's internal network.
Recommendation
Immediately update IoTGateway to the latest patched version. Until then, restrict access to the admin panel and disable the Log Record Function if feasible.
Original NVD description (English source)
Cross Site Scripting vulnerability in iotgateway v.3.0.1 allows a remote attacker to execute arbitrary code via the Log Record Function

