CVE Catalog

CVE-2026-50089

MediumCVSS 6.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.15%

4th percentile - higher than 4% of all known CVEs

Summary

The Aqara IAM/SSO Gateway (gw-builder.aqara.com) contains an open redirect vulnerability (CWE-601), allowing an attacker to redirect users to an external malicious site. The estimated CVSS score is 6.1 (Medium).

Risk Assessment

The risk involves the possibility of a phishing attack where a victim, upon clicking a link, is redirected to a fake site, potentially leading to theft of login credentials or other sensitive information.

Recommendation

Immediately update the Aqara IAM/SSO Gateway to the latest version that fixes the open redirect vulnerability. Until the update is applied, implement URL validation mechanisms for redirects.

Original NVD description (English source)

The Aqara IAM/SSO Gateway (gw-builder.aqara.com) provides an open redirect, which is an instance of "CWE-601: URL Redirection to Untrusted Site," with an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N (6.1 Medium), which can be used to set up a phishing attack.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS