Platform: other
Component: enet-smart-home-server
Fixed in: 2.3.2, 2.2.2
CVE-2026-26369 describes a privilege escalation vulnerability discovered in the eNet SMART HOME server. Attackers can exploit this flaw to elevate their user privileges, potentially gaining administrative control over the entire smart home system. This vulnerability affects versions 2.2.1 through 2.3.1 (46841) and has been resolved in version 2.3.2.
The impact of CVE-2026-26369 is severe. Successful exploitation allows a low-privileged user (UGUSER) to bypass authorization checks and gain UGADMIN privileges. This grants them complete control over the eNet SMART HOME server, enabling modification of device configurations, network settings, and other critical smart home functions. The attacker could effectively take over the entire smart home ecosystem, potentially compromising connected devices and user data. This vulnerability shares similarities with other privilege escalation flaws where insufficient access controls lead to unauthorized access and control.
CVE-2026-26369 was publicly disclosed on 2026-02-15. The CVSS score of 9.8 (CRITICAL) indicates a high probability of exploitation. No public proof-of-concept (PoC) code has been released as of this writing, but the vulnerability's ease of exploitation suggests it could become a target for automated attacks. It is not currently listed in the CISA KEV catalog.
Exploit status
EPSS
0.02% (5th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-26369 is to upgrade the eNet SMART HOME server to version 2.3.2 or later. If an immediate upgrade is not possible, consider implementing temporary workarounds such as restricting network access to the /jsonrpc/management endpoint to only trusted sources. Monitor the server logs for suspicious POST requests targeting the setUserGroup JSON-RPC method, specifically looking for attempts to modify user group assignments. While a WAF might offer some protection, it's not a substitute for patching.
Upgrade the eNet SMART HOME server to a version after 2.3.1 that fixes the privilege escalation vulnerability. Consult the JUNG vendor website for the latest version and update instructions. Make sure you follow security best practices when configuring and managing your smart home system.
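The log monitoring recommended above can be sketched as follows. This is an added example, not vendor code. It assumes a reverse proxy in front of the server that writes one JSON record per request, including the request body. The record field names (`ts`, `src`, `verb`, `path`, `body`), the trusted subnet, `exampleMethod`, and the severity labels are hypothetical, and the sample records are constructed.

```python
import ipaddress
import json

ENDPOINT = "/jsonrpc/management"  # endpoint named in the advisory text
METHOD = "setUserGroup"           # JSON-RPC method named in the advisory text
TRUSTED = [ipaddress.ip_network("192.0.2.0/28")]  # assumption: admin subnet
# Constructed sample records; field names and exampleMethod are hypothetical.
SAMPLE_LOG = r'''
{"ts":"2026-02-20T10:00:01Z","src":"192.0.2.5","verb":"POST","path":"/jsonrpc/management","body":"{\"jsonrpc\":\"2.0\",\"method\":\"setUserGroup\",\"params\":{},\"id\":1}"}
{"ts":"2026-02-20T10:04:17Z","src":"198.51.100.23","verb":"POST","path":"/jsonrpc/management","body":"[{\"jsonrpc\":\"2.0\",\"method\":\"exampleMethod\",\"id\":1},{\"jsonrpc\":\"2.0\",\"method\":\"setUserGroup\",\"params\":{},\"id\":2}]"}
{"ts":"2026-02-20T10:05:02Z","src":"198.51.100.23","verb":"POST","path":"/jsonrpc/management","body":"{\"jsonrpc\":\"2.0\",\"method\":\"exampleMethod\",\"params\":{\"note\":\"setUserGroup\"},\"id\":3}"}
{"ts":"2026-02-20T10:06:40Z","src":"198.51.100.23","verb":"POST","path":"/jsonrpc/management","body":"not json"}
'''

def rpc_methods(body):
    """Return the method names in a JSON-RPC body (single call or batch)."""
    try:
        doc = json.loads(body)
    except (TypeError, ValueError):
        return []  # missing or unparseable body: nothing to match
    calls = doc if isinstance(doc, list) else [doc]
    return [c.get("method") for c in calls if isinstance(c, dict)]

def is_trusted(src):
    """True if src parses as an IP address inside a TRUSTED network."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False
    return any(addr in net for net in TRUSTED)

def find_alerts(log_text):
    """Return (ts, src, severity) for each POST to ENDPOINT that calls METHOD."""
    alerts = []
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
        except ValueError:
            continue  # blank or non-JSON log line
        if not (isinstance(rec, dict) and rec.get("verb") == "POST"
                and str(rec.get("path", "")).split("?")[0] == ENDPOINT):
            continue
        if METHOD in rpc_methods(rec.get("body")):
            severity = "review" if is_trusted(str(rec.get("src"))) else "high"
            alerts.append((rec.get("ts"), rec.get("src"), severity))
    return alerts

if __name__ == "__main__":
    print(*find_alerts(SAMPLE_LOG), sep="\n")
```

Matching on the parsed `method` field rather than on the raw string catches calls inside JSON-RPC batch arrays and ignores requests that only mention the method name in their parameters.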
CVE-2026-26369 is a critical vulnerability in eNet SMART HOME server versions 2.2.1–2.3.1 that allows a low-privileged user to escalate to an administrator, gaining full control of the system. This is due to insufficient authorization checks in the setUserGroup JSON-RPC method.
You are affected if you are running eNet SMART HOME server version 2.2.1 or 2.3.1. Versions prior to 2.3.2 are vulnerable to privilege escalation.
Upgrade your eNet SMART HOME server to version 2.3.2 or later to resolve this vulnerability. If an immediate upgrade is not possible, restrict access to the /jsonrpc/management endpoint.
While no public exploits are currently known, the ease of exploitation suggests a high likelihood of exploitation. Monitor your systems closely and apply the patch as soon as possible.
Refer to the official eNet security advisory for detailed information and updates regarding CVE-2026-26369. Check the eNet website or contact eNet support for the latest advisory.