373 matches found
CVE-2026-53676
ThingsBoard contains a prototype pollution vulnerability which may lead to arbitrary code execution within a sandboxed context by a user who can log in to the affected product with the tenant administrator privilege TENANTADMIN...
CVE-2026-53676
Technical details for CVE-2026-53676 are not publicly provided in the supplied documents. Monitor for updates from official advisories.
PT-2026-50571
Name of the Vulnerable Software and Affected Versions ThingsBoard affected versions not specified Description Prototype pollution occurs when an attacker can manipulate the prototype of an object, potentially leading to arbitrary code execution within a sandboxed context. This issue can be...
CVE-2026-36537
ThingsBoard v4.3.0.1 is vulnerable to an authentication bypass during the OAuth authorization code exchange. The application improperly trusts user-supplied identity data within the user parameter of the /login/oauth2/code/ endpoint. By manipulating the email address in this JSON object, a remote...
CVE-2026-36537
ThingsBoard v4.3.0.1 is vulnerable to an authentication bypass during the OAuth authorization code exchange. The application improperly trusts user-supplied identity data within the user parameter of the /login/oauth2/code/ endpoint. By manipulating the email address in this JSON object, a remote...
PT-2026-49287
Name of the Vulnerable Software and Affected Versions ThingsBoard version 4.3.0.1 Description An authentication bypass exists during the OAuth authorization code exchange. The application improperly trusts user-supplied identity data within the user parameter of the '/login/oauth2/code/' endpoint...
CVE-2026-36537
ThingsBoard 4.3.0.1 is vulnerable to an authentication bypass during the OAuth authorization code exchange. The vulnerability arises because the application trusts user-supplied identity data in the user parameter of the /login/oauth2/code/ endpoint; by manipulating the email field in that JSON, ...
GHSA-R29C-68GH-XP6X vulnerabilities
Vulnerabilities for packages: thingsboard...
GHSA-H6FC-48RJ-7QQH vulnerabilities
Vulnerabilities for packages: thingsboard...
GHSA-GX5V-XP9W-J4CG vulnerabilities
Vulnerabilities for packages: thingsboard...
GHSA-FV25-8XCX-GQJC vulnerabilities
Vulnerabilities for packages: thingsboard...
CVE-2026-43515 vulnerabilities
Vulnerabilities for packages: thingsboard...
GHSA-9M89-8FRQ-C98C vulnerabilities
Vulnerabilities for packages: thingsboard...
GHSA-5MP6-JRQ3-R938 vulnerabilities
Vulnerabilities for packages: thingsboard...
CVE-2026-43514 vulnerabilities
Vulnerabilities for packages: thingsboard...
GHSA-5M62-PW8W-7W9F vulnerabilities
Vulnerabilities for packages: thingsboard...
CVE-2026-43513 vulnerabilities
Vulnerabilities for packages: thingsboard...
CVE-2026-43512 vulnerabilities
Vulnerabilities for packages: thingsboard...
CVE-2026-42498 vulnerabilities
Vulnerabilities for packages: thingsboard...
CVE-2026-41293 vulnerabilities
Vulnerabilities for packages: thingsboard...