55 matches found
CVE-2026-54641
creationtimestamp| type| source ---|---|--- 2026-07-06 22:35:18+00:00| published-proof-of-concept| https://github.com/openremote/openremote/security/advisories/GHSA-xqr9-4wvv-gvch...
CVE-2026-54640
creationtimestamp| type| source ---|---|--- 2026-07-06 22:35:16+00:00| published-proof-of-concept| https://github.com/openremote/openremote/security/advisories/GHSA-7v6w-c3f4-9wpq...
XML External Entity (XXE) Injection
Overview Affected versions of this package are vulnerable to XML External Entity XXE Injection in the startAssetImport process. An attacker can access arbitrary files on the server filesystem and potentially interact with internal or cloud metadata endpoints by uploading a specially crafted ETS...
CVE-2026-49439
creationtimestamp| type| source ---|---|--- 2026-07-06 18:35:13+00:00| published-proof-of-concept| https://github.com/openremote/openremote/security/advisories/GHSA-xj53-j257-hxvg...
CVE-2026-57168
creationtimestamp| type| source ---|---|--- 2026-07-02 22:35:13+00:00| published-proof-of-concept| https://github.com/openremote/openremote/security/advisories/GHSA-h3m5-97jq-qjrf...
CVE-2026-56120
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as it's a duplicate of CVE-2026-56784...
CVE-2026-56120
Affected software: OpenRemote before 1.25.0.Vulnerability: insecure direct object reference (IDOR) in the bulk alarm deletion endpoint.Root cause: removeAlarms() in AlarmResourceImpl.java omits realm-scoping validation in the JPA query, enabling any user with alarm-write permissions to enumerate ...
EUVD-2026-38594
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as it's a duplicate of CVE-2026-56784...
CVE-2026-56784
OpenRemote before 1.25.0 contains an insecure direct object reference IDOR vulnerability in the bulk alarm deletion endpoint that allows authenticated users to permanently delete alarms belonging to other tenants by supplying arbitrary alarm IDs. The removeAlarms method in AlarmResourceImpl.java...
CVE-2026-56784 OpenRemote < 1.25.0 IDOR via Bulk Alarm Deletion Endpoint
OpenRemote before 1.25.0 contains an insecure direct object reference IDOR vulnerability in the bulk alarm deletion endpoint that allows authenticated users to permanently delete alarms belonging to other tenants by supplying arbitrary alarm IDs. The removeAlarms method in AlarmResourceImpl.java...
CVE-2026-56784 OpenRemote < 1.25.0 IDOR via Bulk Alarm Deletion Endpoint
OpenRemote before 1.25.0 contains an insecure direct object reference IDOR vulnerability in the bulk alarm deletion endpoint that allows authenticated users to permanently delete alarms belonging to other tenants by supplying arbitrary alarm IDs. The removeAlarms method in AlarmResourceImpl.java...
CVE-2026-56784
OpenRemote Manager before 1.24.2 contains an insecure direct object reference in removeAlarms(), enabling authenticated users to delete alarms across tenants by supplying arbitrary alarm IDs. The bulk deletion endpoint does not validate that IDs belong to the caller’s realm, enabling cross-tenant...
EUVD-2026-38444
OpenRemote Manager before 1.24.2 contains an insecure direct object reference vulnerability in the removeAlarms method that allows authenticated users to delete alarms from other tenants by supplying arbitrary alarm IDs. The bulk deletion endpoint fails to validate that targeted alarm IDs belong ...
CVE-2026-56784 OpenRemote < 1.25.0 IDOR via Bulk Alarm Deletion Endpoint
OpenRemote before 1.25.0 contains an insecure direct object reference IDOR vulnerability in the bulk alarm deletion endpoint that allows authenticated users to permanently delete alarms belonging to other tenants by supplying arbitrary alarm IDs. The removeAlarms method in AlarmResourceImpl.java...
GHSA-H3M5-97JQ-QJRF OpenRemote Manager: removeAlarms cross-realm IDOR (bulk delete)
Summary OpenRemote Manager is vulnerable to a cross-tenant Insecure Direct Object Reference IDOR in the bulk alarm deletion endpoint. An authenticated user in any realm can delete alarms belonging to other realms tenants by supplying arbitrary alarm IDs. The vulnerability exists because the bulk...
CVE-2026-41166
OpenRemote is an open-source internet-of-things platform. Prior to version 1.22.1, a user who has write:admin in one Keycloak realm can call the Manager API to update Keycloak realm roles for users in another realm, including master. The handler uses the realm path segment when talking to the...
CVE-2026-41166
OpenRemote is an open-source internet-of-things platform. Prior to version 1.22.1, a user who has write:admin in one Keycloak realm can call the Manager API to update Keycloak realm roles for users in another realm, including master. The handler uses the realm path segment when talking to the...
CVE-2026-40882
OpenRemote is an open-source internet-of-things platform. Prior to version 1.22.0, the Velbus asset import path parses attacker-controlled XML without explicit XXE hardening. An authenticated user who can call the import endpoint may trigger XML external entity processing, which can lead to...
CVE-2026-40882 OpenRemote has XXE in Velbus Asset Import
OpenRemote is an open-source internet-of-things platform. Prior to version 1.22.0, the Velbus asset import path parses attacker-controlled XML without explicit XXE hardening. An authenticated user who can call the import endpoint may trigger XML external entity processing, which can lead to...
CVE-2026-40882
OpenRemote is an open-source internet-of-things platform. Prior to version 1.22.0, the Velbus asset import path parses attacker-controlled XML without explicit XXE hardening. An authenticated user who can call the import endpoint may trigger XML external entity processing, which can lead to...