CVE-2026-50084
CVE-2026-50084 concerns the Aqara Cloud Production API (open-cn.aqara.com/v3.0/open/api), where any valid developer token could access any account due to missing authorization (CWE-862). The CVSSv3.1 base score is 9.6 (CRITICAL): Network-based, Low attack complexity, Privileges Required: Low, Use...