2 matches found
CVE-2026-32295
CVE-2026-32295 affects JetKVM prior to version 0.5.4, where there is no rate limiting on login attempts. This enables brute-force attempts to guess credentials, exposing potential unauthorized access. The vulnerability is mitigated by upgrading to version 0.5.4 (fix referenced in multiple sources...
CVE-2026-32294
JetKVM before 0.5.4 fails to verify downloaded firmware authenticity, enabling an attacker-in-the-middle or compromised update server to modify firmware and its SHA256 hash to pass verification. Impact is limited to local impact with high integrity risk, per CVSS 3.1/4.0 metrics: local access, hi...