CVE-2026-50087 HIGH

CVE-2026-50087: Aqara IAM/SSO Gateway cross-origin resource sharing

Vendor Aqara
Product Aqara IAM/SSO Gateway
Weakness CWE-942
Published June 12, 2026
Last update June 12, 2026

CVSS base score

8.2/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N

What the vulnerability does

01Description

The Aqara IAM/SSO gateway (gw-builder.aqara.com) exhibits a cross-origin request sharing vulnerability, which is an instance of "CWE-942: Permissive Cross-domain Policy with Untrusted Domains," and has an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N (8.2 High).

Key dates

02Disclosure timeline

June 12, 2026 CVE published
June 12, 2026 Record updated