CVE-2026-28806
CVE-2026-28806 describes an improper authorization in nerves-hub_web that allows cross-organization device control via device bulk actions and the device update API. Missing authorization checks enable authenticated users to target devices belonging to other organizations by manipulating device i...