CVE-2026-28806

Improper Authorization vulnerability in nerves-hub nerveshubweb allows cross-organization device control via device bulk actions and device update API. Missing authorization checks in the device bulk actions and device update API endpoints allow authenticated users to target devices belonging to...

CVE-2026-28806

Improper Authorization vulnerability in nerves-hub nerveshubweb allows cross-organization device control via device bulk actions and device update API. Missing authorization checks in the device bulk actions and device update API endpoints allow authenticated users to target devices belonging to...

CVE-2026-28806

CVE-2026-28806 describes an improper authorization in nerves-hub_web that allows cross-organization device control via device bulk actions and the device update API. Missing authorization checks enable authenticated users to target devices belonging to other organizations by manipulating device i...

CVE-2026-28806

Improper Authorization vulnerability in nerves-hub nerveshubweb allows cross-organization device control via device bulk actions and device update API. Missing authorization checks in the device bulk actions and device update API endpoints allow authenticated users to target devices belonging to...

CVE-2026-28806 Improper authorization in device bulk actions and device update API allows cross-organization device control

Improper Authorization vulnerability in nerves-hub nerveshubweb allows cross-organization device control via device bulk actions and device update API. Missing authorization checks in the device bulk actions and device update API endpoints allow authenticated users to target devices belonging to...