CVE-2026-26366 CRITICAL

CVE-2026-26366: JUNG eNet SMART HOME server 2.2.1/2.3.1 Use of Default Credentials

Vendor Jung
Product eNet SMART HOME server
Weakness CWE-1392
Published February 15, 2026
Last update February 17, 2026

CVSS base score

9.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

eNet SMART HOME server 2.2.1 and 2.3.1 ships with default credentials (user:user, admin:admin) that remain active after installation and commissioning without enforcing a mandatory password change. Unauthenticated attackers can use these default credentials to gain administrative access to sensitive smart home configuration and control functions.

Key dates

02Disclosure timeline

February 15, 2026 CVE published
February 17, 2026 Record updated