38 matches found
CVE-2026-41166
OpenRemote is an open-source internet-of-things platform. Prior to version 1.22.1, a user who has write:admin in one Keycloak realm can call the Manager API to update Keycloak realm roles for users in another realm, including master. The handler uses the realm path segment when talking to the...
CVE-2026-41166
OpenRemote is an open-source internet-of-things platform. Prior to version 1.22.1, a user who has write:admin in one Keycloak realm can call the Manager API to update Keycloak realm roles for users in another realm, including master. The handler uses the realm path segment when talking to the...
CVE-2026-40882
OpenRemote is an open-source internet-of-things platform. Prior to version 1.22.0, the Velbus asset import path parses attacker-controlled XML without explicit XXE hardening. An authenticated user who can call the import endpoint may trigger XML external entity processing, which can lead to...
CVE-2026-40882 OpenRemote has XXE in Velbus Asset Import
OpenRemote is an open-source internet-of-things platform. Prior to version 1.22.0, the Velbus asset import path parses attacker-controlled XML without explicit XXE hardening. An authenticated user who can call the import endpoint may trigger XML external entity processing, which can lead to...
CVE-2026-40882
OpenRemote is an open-source internet-of-things platform. Prior to version 1.22.0, the Velbus asset import path parses attacker-controlled XML without explicit XXE hardening. An authenticated user who can call the import endpoint may trigger XML external entity processing, which can lead to...
CVE-2026-40882
OpenRemote’s Velbus asset import vulnerability (CVE-2026-40882) is an XXE in the import path prior to version 1.22.0. An authenticated user with import access can trigger XML external entity processing when posting Velbus project XML, potentially causing server-side file disclosure (target file
CVE-2026-41166 OpenRemote has Improper Access Control via updateUserRealmRoles function
OpenRemote is an open-source internet-of-things platform. Prior to version 1.22.1, a user who has write:admin in one Keycloak realm can call the Manager API to update Keycloak realm roles for users in another realm, including master. The handler uses the realm path segment when talking to the...
CVE-2026-41166 OpenRemote has Improper Access Control via updateUserRealmRoles function
OpenRemote is an open-source internet-of-things platform. Prior to version 1.22.1, a user who has write:admin in one Keycloak realm can call the Manager API to update Keycloak realm roles for users in another realm, including master. The handler uses the realm path segment when talking to the...
EUVD-2026-25096
OpenRemote is an open-source internet-of-things platform. Prior to version 1.22.1, a user who has write:admin in one Keycloak realm can call the Manager API to update Keycloak realm roles for users in another realm, including master. The handler uses the realm path segment when talking to the...
CVE-2026-41166
OpenRemote is an open-source internet-of-things platform. Prior to version 1.22.1, a user who has write:admin in one Keycloak realm can call the Manager API to update Keycloak realm roles for users in another realm, including master. The handler uses the realm path segment when talking to the...
CVE-2026-41166
Summary of CVE-2026-41166 : OpenRemote prior to v1.22.1 allows a user with the OpenRemote Keycloak realm role write:admin in one realm to call the Manager API and update realm roles for users in a different realm, including the master realm. The underlying issue is that the handler uses the {real...
OpenRemote has Improper Access Control via updateUserRealmRoles function
Summary A user who has write:admin in one Keycloak realm can call the Manager API to update Keycloak realm roles for users in another realm, including master. The handler uses the realm path segment when talking to the identity provider but does not check that the caller may administer that realm...
Access Control Bypass
Overview Affected versions of this package are vulnerable to Access Control Bypass via the updateUserRealmRoles function. An attacker can escalate privileges by invoking the API with a valid token from one realm to modify user roles in another realm, potentially granting administrative access to...
OpenRemote 访问控制错误漏洞
OpenRemote is an open-source IoT platform developed by OpenRemote. Versions of OpenRemote prior to 1.22.1 contained a access control vulnerability. This vulnerability stemmed from the possibility for users with the write:admin permission to call the Manager API and update user Keycloak domain rol...
OpenRemote 代码问题漏洞
OpenRemote is an open-source IoT platform developed by OpenRemote. Versions of OpenRemote prior to 1.22.0 contained code vulnerabilities. These vulnerabilities stemmed from the XML parsing process during asset import in Velbus, where the XML external entities were not properly secured. This allow...
Exploit for CVE-2026-39842
CVE-2026-39842: OpenRemote Expression Injection RCE in Rules E...
CVE-2026-39842
OpenRemote is an open-source IoT platform. Versions 1.21.0 and below contain two interrelated expression injection vulnerabilities in the rules engine that allow arbitrary code execution on the server. The JavaScript rules engine executes user-supplied scripts via Nashorn's ScriptEngine.eval...
CVE-2026-39842
OpenRemote is an open-source IoT platform. Versions 1.21.0 and below contain two interrelated expression injection vulnerabilities in the rules engine that allow arbitrary code execution on the server. The JavaScript rules engine executes user-supplied scripts via Nashorn's ScriptEngine.eval...
Arbitrary Code Injection
Overview Affected versions of this package are vulnerable to Arbitrary Code Injection in the rules engine process. An attacker can execute arbitrary code on the server, read arbitrary files, steal environment variables including database credentials, and bypass multi-tenant isolation to access da...
OpenRemote 安全漏洞
OpenRemote is an open-source IoT platform developed by OpenRemote. Versions of OpenRemote prior to 1.22.0 contained security vulnerabilities. These vulnerabilities were caused by two related expression injections in the rule engine, which could allow arbitrary code to execute on the server...