EUVD-2026-36480
The Aqara Cloud OAuth Authorization Endpoint open-cn.aqara.com/oauth/authorize is vulnerable to a redirect bypass due to lax controls on domain matching, which is an instance of "CWE-1289: Improper Validation of Unsafe Equivalence in Input" and has an estimated CVSS of...