EEF-CVE-2026-28806 Improper authorization in device bulk actions and device update API allows cross-organization device control
Summary Improper Authorization vulnerability in nerves-hub nerveshubweb allows cross-organization device control via device bulk actions and device update API. Missing authorization checks in the device bulk actions and device update API endpoints allow authenticated users to target devices...