CVE-2026-26367
Affected product : eNet SMART HOME server versions 2.2.1 and 2.3.1. Vulnerability : missing authorization in the deleteUserAccount JSON-RPC method, allowing any authenticated low-privilege user (UG_USER) to delete arbitrary user accounts (excluding built-in admin). Impact : potential for unauthor...